Trojaner-Board - Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los (https://www.trojaner-board.de/168296-comodo-trojware-js-agent-pd-300743807-los.html)

Baane

29.06.2015 06:07

Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los

Hallo Helfer/Helferin,

Ich habe ein kleines Problem:
Mein Comodo erkennt regelmäßig TrojWare.JS.Agent.PD@300743807 in Firefox Unterordnern. Leider kann ich hier kein Comodo Protokoll posten, da ich aus Dummheit die Logs bereinigt habe, beim Versuch die richtigen Ergebnisse zu filtern.
An sich habe ich bisher keine Auffälligkeiten an meinem Rechner erkannt, jedoch plage ich mich jetzt schon seit längerer Zeit mit Problemen am Firefox herum. Es gibt immer wieder Phasen in denen er hängen bleibt, sich selbst beendet oder extrem langsam ist.
Dieses Problem hatte auch nach kompletter Deinstallation des Firefox Bestand.

Anbei schicke ich die geforderten Logs, und hoffe sie helfen dir (und dann ja auch mir) weiter:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 06:14 on 29/06/2015 (Martin)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01

Ran by Martin (administrator) on ******** on 29-06-2015 06:16:17

Running from C:\Users\Martin\Downloads

Loaded Profiles: Martin (Available Profiles: Martin & Administrator)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe

(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5942\Battle.net.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)

AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25]

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20]

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\user.js [2015-06-22]

FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22]

FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22]

FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22]

FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22]

FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22]

FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22]

FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22]
 

Chrome: 

=======

CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]

CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]

CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]

CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]

CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]

CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation)

S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)

S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()

R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-06-22] (Malwarebytes Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)

R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)

R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)

S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID)

S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)

R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-22] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-22] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation)

S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-29 06:16 - 2015-06-29 06:17 - 00018150 _____ C:\Users\Martin\Downloads\FRST.txt

2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard

2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\FRST

2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00000474 _____ C:\Users\Martin\Downloads\defogger_disable.log

2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker

2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk

2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10

2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10

2015-06-28 04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix

2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10

2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe

2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak

2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe

2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) C:\Users\Martin\Downloads\AdobeAIRInstaller.exe

2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air

2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip

2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015

2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip

2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens

2015-06-22 02:34 - 2015-06-22 02:34 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe

2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck

2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX

2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt

2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip

2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data

2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack

2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe

2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity

2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll

2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml

2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe

2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe

2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX

2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft

2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft

2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi

2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk

2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft

2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java

2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe

2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-06-03 20:35 - 2015-06-03 20:35 - 01594655 _____ C:\Users\Martin\Downloads\ExRT3440.zip

2015-06-03 07:07 - 2015-06-03 07:07 - 00007194 _____ C:\Users\Martin\Desktop\readme.html

2015-06-03 07:06 - 2015-06-03 07:06 - 06471520 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe

2015-06-02 02:07 - 2015-06-02 02:07 - 00733320 _____ C:\Users\Martin\Khuz06.02.html

2015-06-02 02:07 - 2015-06-02 02:07 - 00000561 _____ C:\Users\Martin\Desktop\Khuz06.02.html.lnk

2015-06-01 23:10 - 2015-06-02 02:06 - 00000000 ____D C:\Users\Martin\Desktop\simc-612-02-win64

2015-06-01 23:09 - 2015-06-01 23:09 - 32565970 _____ C:\Users\Martin\Desktop\simc-612-02-win64.7z

2015-05-31 02:08 - 2015-05-31 02:08 - 00000874 _____ C:\Users\Martin\AppData\Local\recently-used.xbel
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-29 06:16 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net

2015-06-29 06:14 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin

2015-06-29 06:14 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2015-06-29 06:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-06-29 06:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-06-29 05:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-29 05:32 - 2014-10-21 05:10 - 01229766 _____ C:\WINDOWS\WindowsUpdate.log

2015-06-29 00:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-06-29 00:05 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client

2015-06-28 22:47 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-28 04:56 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001

2015-06-28 04:42 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc

2015-06-27 20:09 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla

2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe

2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe

2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe

2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam

2015-06-26 14:45 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log

2015-06-26 14:45 - 2013-08-22 16:46 - 00438109 _____ C:\WINDOWS\setupact.log

2015-06-26 14:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-06-26 12:18 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft

2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND

2015-06-25 15:23 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin

2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna

2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia

2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt

2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser

2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-06-22 02:35 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-06-22 02:34 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-06-22 02:34 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-06-22 02:34 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-21 18:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net

2015-06-20 04:08 - 2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500

2015-06-20 04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll

2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll

2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-06-19 08:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat

2015-06-17 22:39 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-06-17 22:39 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat

2015-06-17 22:39 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat

2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone

2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity

2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache

2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft

2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft

2015-06-10 20:10 - 2013-08-22 16:44 - 00362840 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData

2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server

2015-06-08 08:56 - 2014-09-25 16:48 - 00000000 ____D C:\ProgramData\Oracle

2015-06-05 15:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys

2015-06-05 15:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll

2015-06-05 15:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll

2015-06-05 15:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll

2015-06-05 15:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll

2015-06-05 15:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll

2015-06-05 15:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll

2015-06-05 15:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll

2015-06-04 17:45 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft

2015-06-03 00:54 - 2013-11-05 18:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin

2015-06-03 00:53 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin

2015-05-31 02:08 - 2013-01-20 00:25 - 00000000 ____D C:\Users\Martin\.gimp-2.8
 

==================== Files in the root of some directories =======
 

2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist

2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND

2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel

2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg

2013-04-25 13:58 - 2014-11-09 02:51 - 0001809 _____ () C:\ProgramData\hpzinstall.log

2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () C:\ProgramData\wmzddnmb.cix
 

Some files in TEMP:

====================

C:\Users\Martin\AppData\Local\Temp\sdan.exe

C:\Users\Martin\AppData\Local\Temp\sdapk.exe

C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe

C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe

C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Bedauerlicherweise habe ich die im Download vorhandene Textdatei noch während des Scans auf den Desktop verschoben. Nach dem Scan war der Teil noch im Download Ordner. Hoffe das stiftet nicht allzu viel Verwirrung:

Code:

LastRegBack: 2015-06-26 15:07
 

==================== End of log ============================

Die beiden größten Logs musste ich leider als .zip Datei anhängen, ich hoffe das verursacht nicht zuviel Mehraufwand.

Bei GMER bekam ich zwei Fehlermeldungen, die wie folgt lauteten:
C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\Martin\ntuser.dat: "Obiger Text"

Vor Ausführen des GMER Scans habe ich Internet, Antivirus und sonstige Prozesse beendet.
Ich hoffe ich habe alle Informationen richtig zusammengetragen.

Herzlichen Dank schon vorab für die Mühen und Ihre Zeit!

LG
Baane

schrauber

29.06.2015 07:07

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Baane

29.06.2015 20:03

Alles klar mein Fehler, hatte nur im Kopf man solle seinem eigenen Thread nicht antworten, um nicht das Gefühl zu erwecken das Ganze würde bereits bearbeitet werden.
Das Addition Log ist leider deutlich über 300000 Zeichen lang, d.h. ich muss es aufteilen.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01

Ran by Martin at 2015-06-29 06:17:59

Running from C:\Users\Martin\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-683499341-1041353402-3527594545-500 - Administrator - Enabled) => C:\Users\Administrator

Gast (S-1-5-21-683499341-1041353402-3527594545-501 - Limited - Disabled)

Martin (S-1-5-21-683499341-1041353402-3527594545-1001 - Administrator - Enabled) => C:\Users\Martin
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}

AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)

Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)

Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )

AMD Catalyst Install Manager (HKLM\...\{2D803279-E321-E6CE-B27D-CD13196FD7CD}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

ArtMoney SE v7.40.5 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40.5 - System SoftLab)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.5.0 - )

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)

Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)

COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)

D1400 (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

D1400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

dj_sf_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

dj_sf_software (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

dj_sf_software_req (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)

DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)

Free YouTube to MP3 Converter version 3.12.59.525 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.525 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 07 (HKLM-x32\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version:  - )

FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)

GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc)

GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Deskjet Printer Driver Software (HKLM\...\{7262D84B-A6AA-40D2-B8DE-56B10EE28BE1}) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )

League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden

Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)

Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.2.0 - Movavi)

Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)

MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)

PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version:  - CPUID)

phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)

Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)

Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

Schwert und Speer Ultimat (HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Schwert und Speer Ultimat) (Version:  - )

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

Simulationcraft(x64) version 6.1.2.01 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.1.2.01 - Simulationcraft)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts)

SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)

Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)

Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.57 - UNKNOWN)

Warcraft Logs Uploader (x32 Version: 3.57 - UNKNOWN) Hidden

WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== Restore Points =========================
 

08-06-2015 09:49:41 Removed Java 8 Update 45 (64-bit)

15-06-2015 23:33:43 Geplanter Prüfpunkt

24-06-2015 07:57:49 Geplanter Prüfpunkt
 

==================== Hosts content: ===============================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {03A8CF97-D768-47B8-AF76-7AB7414FDCF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {11F56EFD-CA88-4F67-8EF4-D5D7478EF6DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)

Task: {16DB4709-8924-425B-AF82-3258634D2B0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {613D5DDA-C2B0-4509-B56F-8A30E12F581C} - System32\Tasks\{1F44A87C-7151-42FA-AA63-825AF8DCFC7C} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"

Task: {67DDB5D0-C2D2-4151-BD31-56BDFF0D69D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {6FDE2293-CB09-483B-8541-13D397BB31AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)

Task: {707C964D-4452-41CA-911A-6F03F553846E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {911F4F22-C7EB-4101-BF01-74C277E2D150} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)

Task: {93520BA5-97A4-4B1F-9980-4CEC3E3CB593} - System32\Tasks\{9CBB7376-FECB-4CF2-9328-3A9446A741EE} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\DPLAY61A.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"

Task: {9DC035A1-A0E9-405D-9794-E7B51FC58190} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)

Task: {B0342DA8-9259-43D1-B121-059857C43FB6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {B06942A5-D02F-4193-974E-786E735B8FEC} - System32\Tasks\{8D3C155F-8CDE-478B-9586-69C7C4A4FA69} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\UNINSTAL.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"

Task: {BEB83050-FED7-4B0F-9AE3-395CB9B65C2D} - System32\Tasks\{3D53AAC9-3BB7-4029-832E-415FF26960E0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Task: {C7A6292C-26F5-4B37-AC94-A43C2CB5578B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)

Task: {E5416F4D-6168-46CA-9E75-9236F2DAEAE4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {F74496B4-C62E-4222-B361-E96A2BF9BECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (Whitelisted) ==============
 

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-10-21 05:10 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

2015-06-20 23:07 - 2015-06-20 23:07 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libcef.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libGLESv2.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\platforms\qwindows.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libEGL.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qgif.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qico.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qjpeg.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qmng.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qsvg.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qtiff.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQuick.2\qtquick2plugin.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-06-20 23:07 - 2015-06-20 23:07 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQml\Models.2\modelsplugin.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\calc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID

Baane

29.06.2015 20:04

Addition Fortsetzung:

Code:

AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID

Baane

29.06.2015 20:06

Addition Fortsetzung 2:

Code:

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dplaysvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dplayx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpmodemx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpwsockx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCWizard.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\11125581_879133678841918_1681933074_n.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\aKBPg9Q_700b.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\Antrag_Ruecktritt_neu.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\aw7b9RB_700b_v1.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\CIZASwlUAAAU4Fz.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\FLT_SDP3B65535_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\Forschungsfrage.docx:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\how-to-draw-house-targaryen-house-targaryen-dragon_1_000000015929_5.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\synced-gaming_launcher_gray.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\U3O8wIm.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\yahoo_contacts.csv:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\111-Orte-in-Nürnberg.ods:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2_Theorie_Hypothesen_M+S I_SoSe15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.109.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.111.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Altoholic_v6.1.001.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Auctionator_0323.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.8.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE(1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15 (1).zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.0.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.4.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.8.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdZnID

Baane

29.06.2015 20:07

Addition letzter Teil:

Code:

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\elvui-7.86.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\elvui-8.10.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ExRT3440.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.3_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FLT_SDP3B65535_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx (1).zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\kauf_828948_94ea886e901a.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\LOL_OPGG_Observer_2125424600_spectate.bat:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.60.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MinecraftInstaller.msi:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Münch0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\PuTTY - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\rcsetup151_slim.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SG TCP Optimizer - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SilverDragon-v3.1.5.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-29.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\statistik_i_5b.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\studbesch_51F4B0EB5169D943B9D28A074E0B21AB.cit-prod-tomcat4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\TellMeWhen-7.3.1.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ThogarAssist-v6.0.3-9.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\TidyPlates_6_16_1.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Tor Browser Paket - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\vkw01_jaeckel.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\warcraftlogs.air:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WIM-3.6.26.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\yab.pdf:$CmdZnID
 

==================== Safe Mode (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg

DNS Servers: 8.8.8.8
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: !SASCORE => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: BBSvc => 2

MSCONFIG\Services: BBUpdate => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: CLPSLauncher => 2

MSCONFIG\Services: DragonUpdater => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: Futuremark SystemInfo Service => 3

MSCONFIG\Services: GeekBuddyRSP => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hpqcxs08 => 3

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: Origin Client Service => 3

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: TapiSrv => 3

HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"

HKLM\...\StartupApproved\Run: => "CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "icq"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Facebook Update"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "iCloudServices"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{02D57F51-8721-43AC-9355-AC8974F0F22E}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe

FirewallRules: [{39EBE1F9-B99F-4E57-A5E3-D62B0C2BCF02}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe

FirewallRules: [{0DCBD549-6F91-4DF7-B836-FF9628497B16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{FBCFE49C-8A63-411A-8BE5-0A6D3DB2F36B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{90CA87E5-157E-494E-9355-DF672FFDB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{2FA9B299-DFE8-41CD-AEAB-5A17A3C24E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{A9C6B674-AEC7-437E-8F66-BBDE4452FBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{1D33D7D0-AB4B-46AA-97FD-1FF2B9DD0A1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{5EE15B18-3207-4DDD-A976-DC43052C0A23}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{7AA757CE-122F-4080-B777-83ED413F2EAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{DA10CD7D-0F14-4AD1-9DB9-15B02C9C0A10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{C4DA08AB-C471-4CFD-BD01-45666B1A3DA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{3806AE6A-905D-4E92-B896-26C0A31CFA8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{680C0A7D-B498-48C6-BDCF-C7398C1E1A25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{49CE7598-A5B8-4583-8652-A0C26A48A510}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{303D534E-28D4-4291-B3A4-EA926A4409C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{127FAB27-1219-427A-82DF-CE36D947AE1A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{ADB36031-1001-48FC-B5FC-951C11D82717}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{EDEE1807-4F04-4563-A103-2750D7FD175E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe

FirewallRules: [{6AD0F808-A318-4320-894E-FE85A50CA8ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe

FirewallRules: [{6A1CF1E4-4EA6-40D4-9414-DF30E202263C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{74AAFFF7-279F-46FC-AC77-72363C337B35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{16D8F0D2-30D4-4F17-A129-625C0AA1FA1E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{88FE9E0E-8B74-4769-99C6-92C205DE5B63}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{0B0FE71F-FBFB-4A40-A22D-CED211C4D614}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{004DA7F5-C6F2-4CBC-BE57-4F04AB43B916}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{1FF83A51-E093-4276-B60F-67F513D9E8B3}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat

FirewallRules: [{14DBD80B-5884-4BF8-B6A0-EA2D5F0A7983}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat

FirewallRules: [UDP Query User{F54B3F50-8DF3-4652-9BAA-B7DDF09DA187}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe

FirewallRules: [TCP Query User{0C62ED83-576D-457A-B7C0-A088E3EA3EC7}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe

FirewallRules: [{316D42C9-B326-4EEB-B44E-18793AE48082}] => (Block) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [{CCEB3FCE-7535-4796-8BAF-C5FB36AC6E35}] => (Block) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [UDP Query User{392CEE40-8F43-4093-97AA-800C2FE046D6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [TCP Query User{E519B489-A61F-464F-A124-E9A03495E6DC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [UDP Query User{9DBBB315-5690-4D84-B9B1-5710BB63AD1F}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe

FirewallRules: [TCP Query User{1C597B41-EB89-48C9-9D97-6420B831FB68}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe

FirewallRules: [{AD4DFDF2-9BB2-4667-9AAA-8FC23F15705F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{FF5BCB0F-472B-4E53-89BA-74301083D8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{57D1A7B3-8418-4E14-AF88-92FEF5CBFF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{20E9758E-58EC-46AB-8D2F-FBB1660753FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{7CA94948-D896-4A24-B500-8635CC843B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [UDP Query User{1A7E808A-E3FC-494B-8EFF-E189AF6C23D1}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe

FirewallRules: [TCP Query User{6CCE4378-FF17-41FA-AC7B-79869D9C399B}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe

FirewallRules: [{017312AA-990D-4692-92D4-1E52DF0CF2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe

FirewallRules: [{FAA7DE77-8B26-453B-8B30-A397AFE21C85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe

FirewallRules: [{BF8F0F0B-4922-4486-9C3E-B01A23FA8832}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{3F48413D-58DF-4D26-95C0-E17E9BB977CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{ACB6E90E-C40C-41A8-BA8E-3BC3B84BD69F}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe

FirewallRules: [{F30936EF-F6CF-49FC-B956-2E79BBE9596C}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe

FirewallRules: [{CE05D2C9-A416-4F88-A6C6-06094A9DC88A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [{E42A538C-813C-4601-B233-E0E85EB432C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [UDP Query User{21A5FFF9-3EEA-4A9F-9FAC-72404907F704}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe

FirewallRules: [TCP Query User{C20AA7FF-44FF-4C08-8A6E-1836B5FB2F40}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe

FirewallRules: [{132E2013-3982-42B1-94B6-6DE7997AAEE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{E305D310-F8CF-4388-B03A-BC8EDFC50195}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{0E77881C-D498-41E4-AA64-363B76DA1842}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{48B81B0A-2D7C-494B-8F41-84915939ED39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{647F9546-8E20-4F1C-87D6-3104050C7FF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{E52C813F-E311-44E1-9DB5-A0919633E0BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{0BAA4276-8EDD-4075-A529-01B57A915004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{7A0FB5D1-6E28-4C2E-B53C-E423B9985F38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{1E556905-A747-4C78-92E0-574F71E9E68D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{F66F3367-4F79-4B43-9895-6F16639B14E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{D0DB1B0E-F898-49A3-A4ED-B6848B73CAAD}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe

FirewallRules: [UDP Query User{384533A7-3315-4188-9247-39FA9D0AA920}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe

FirewallRules: [{6EAD6FBE-7231-49CE-A226-AAB9D82FD8BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{B4712EF8-87AF-482F-AE68-27B5A9F6BEA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{E5C663FA-14C0-4A0A-80AA-7127CA2ACCA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{B7BEC7B2-B43C-4DB0-8DF8-2AAB2AED4A32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{962C5C41-08F0-45FB-990B-10CA0D7148CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{C69CA34E-EB7F-4AF7-A3C0-F495E661178B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [TCP Query User{D274668E-31F5-4F51-AD80-CDE8FDFCB6F8}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [UDP Query User{36EB450B-38BF-495B-8657-251BAB95425D}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [{95E5B99A-85EB-4A20-956C-B521D2C3572D}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [{C58AB113-FBC1-4E43-BF27-29389EEA65D3}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [TCP Query User{D5536BF9-78D2-472E-A58A-A382742F099A}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe

FirewallRules: [UDP Query User{CD626AB9-EA54-483B-9960-73191AE832CC}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe

FirewallRules: [TCP Query User{CFCEE9D2-ABC3-47BB-9FC4-859F44B2C050}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{D1EB3061-FC2A-451E-BB97-44A1E53560FD}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{300E592E-F3C0-4493-9395-4C581ABF1662}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{60F50F99-1506-4B8D-AA01-E7CA45347A42}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{95E8E020-EE04-4EB7-8D0B-2731955A9B7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0A660151-1DAC-4011-B0E4-8F427F0E353C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7F1C0906-B7F2-434D-AE7E-1163E8AD8E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{239FA175-4E42-431E-A03F-6BE1C07EAA56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{40918112-C08B-4B28-9289-A7D0AB6B9C43}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{A93F574D-3825-4AF8-B679-4E634D7012AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{6FBC854D-003E-49F0-B283-5FE2D0671862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DF0C41C7-03E3-43C2-B154-82FA0A25BCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe

FirewallRules: [{61569E20-01D1-4E3A-81F1-E086C5244365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe

FirewallRules: [{79434C34-E8F0-4B02-A056-722D3BCEC498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [{E647FDC6-6027-439D-A4CC-6D7693988E15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [{300D65B0-A1D7-4988-AB3C-88719DDC17E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: )

Description: PerfProcC:\WINDOWS\System32\perfproc.dll0
 

Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336

Ausnahmecode: 0xc0000142

Fehleroffset: 0x00000000000ec180

ID des fehlerhaften Prozesses: 0x1600

Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0

Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1

Pfad des fehlerhaften Moduls: nvstreamsvc.exe2

Berichtskennung: nvstreamsvc.exe3

Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5
 

Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 

Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777

Name des fehlerhaften Moduls: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0002aaef

ID des fehlerhaften Prozesses: 0x4168

Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0

Pfad der fehlerhaften Anwendung: delegate_execute.exe1

Pfad des fehlerhaften Moduls: delegate_execute.exe2

Berichtskennung: delegate_execute.exe3

Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:

Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten

Speichertreibern, oder der Datenträger fehlt.

Das Programm FUSSBALL MANAGER 13 wurde wegen dieses Fehlers geschlossen.
 

Programm: FUSSBALL MANAGER 13

Datei: 
 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.

Benutzeraktion

1. Öffnen Sie die Datei erneut.

Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.

2.

Wenn Sie weiterhin nicht auf die Datei zugreifen können und

        - diese sich im Netzwerk befindet, 

dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.

        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.

3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.

4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.

5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 

Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
 

Zusätzliche Daten

Fehlerwert: 00000000

Datenträgertyp: 0
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040

Name des fehlerhaften Moduls: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040

Ausnahmecode: 0xc000001d

Fehleroffset: 0x014f5fb0

ID des fehlerhaften Prozesses: 0x2c1c

Startzeit der fehlerhaften Anwendung: 0xManager13.exe0

Pfad der fehlerhaften Anwendung: Manager13.exe1

Pfad des fehlerhaften Moduls: Manager13.exe2

Berichtskennung: Manager13.exe3

Vollständiger Name des fehlerhaften Pakets: Manager13.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Manager13.exe5
 

Error: (06/25/2015 09:24:56 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 
 

System errors:

=============

Error: (06/29/2015 00:41:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: microsoft.windowscommunicationsapps
 

Error: (06/29/2015 00:41:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFoodAndDrink
 

Error: (06/29/2015 00:41:06 AM) (Source: DCOM) (EventID: 10010) (User: Koppmann)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (06/29/2015 00:40:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingNews
 

Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingTravel
 

Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingWeather
 

Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.SkypeApp
 

Error: (06/29/2015 00:40:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFinance
 

Error: (06/29/2015 00:40:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingHealthAndFitness
 

Error: (06/29/2015 00:40:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingSports
 
 

Microsoft Office:

=========================

Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: )

Description: PerfProcC:\WINDOWS\System32\perfproc.dll0
 

Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: nvstreamsvc.exe3.1.2000.0545adf9dntdll.dll6.3.9600.17736550f4336c000014200000000000ec180160001d0b11f998b4bd2C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\WINDOWS\SYSTEM32\ntdll.dlld8396700-1d12-11e5-819e-3085a99e46fb
 

Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 

Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: delegate_execute.exe43.0.2357.1305584c777delegate_execute.exe43.0.2357.1305584c777c00000050002aaef416801d0afacb4d5c99bC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exef8df3904-1b9f-11e5-819d-3085a99e46fb
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: FUSSBALL MANAGER 13000000000
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager13.exe1.0.4.0026d3040Manager13.exe1.0.4.0026d3040c000001d014f5fb02c1c01d0af4afb4bbeb4C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exeC:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe3d4584eb-1b3e-11e5-819d-3085a99e46fb
 

Error: (06/25/2015 09:24:56 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-06-29 06:14:06.269

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-29 06:07:14.055

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-29 04:45:58.055

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-29 03:11:07.895

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 18:09:52.869

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 07:06:08.109

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 06:58:01.375

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 03:52:33.992

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 02:07:54.147

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-28 01:46:36.524

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-4100 Quad-Core Processor 

Percentage of memory in use: 43%

Total physical RAM: 8120.43 MB

Available physical RAM: 4592.79 MB

Total Pagefile: 9875.43 MB

Available Pagefile: 5150.89 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:930.56 GB) (Free:377.74 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: B97C5BC3)
 

Partition: GPT Partition Type.
 

==================== End of log ============================

Baane

29.06.2015 20:10

GMER Teil 1:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-06-29 06:26:53

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD10 rev.80.0 931,51GB

Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\awdyqpoc.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                      fffff960001fbd00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...]

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                 fffff960001fbd10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...]
 

---- User code sections - GMER 2.1 ----
 

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                           00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                   00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                         00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                            00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                    00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                      00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                         00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                       00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                          00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                  00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                    00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                       00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7bee60]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                        00007ff816201220 6 bytes {JMP QWORD [RIP+0x79ee10]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                 00007ff816201230 6 bytes {JMP QWORD [RIP+0x71ee00]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                        00007ff816201240 6 bytes {JMP QWORD [RIP+0x6fedf0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                               00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7deb50]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                       00007ff816201530 6 bytes {JMP QWORD [RIP+0x7feb00]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                   00007ff816201c90 6 bytes {JMP QWORD [RIP+0x83e3a0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                          00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x77e380]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                     00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3bcc40]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                               00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3fca90]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                          00007ff816204311 5 bytes {JMP QWORD [RIP+0x47bd20]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                            00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x87ab50]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                     00007ff816205720 6 bytes {JMP QWORD [RIP+0x43a910]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                             00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4b9d80]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                                00007ff816206390 6 bytes {JMP QWORD [RIP+0x319ca0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                   00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x376c60]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                      00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2d6130]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                               00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                           00007ff81620b7f4 2 bytes [69, 00]

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                  00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7302b0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                            00007ff816213740 6 bytes {JMP QWORD [RIP+0x84c8f0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                   00007ff816213c60 5 bytes [FF, 25, D0, C3, 34]

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                     00007ff816214610 6 bytes {JMP QWORD [RIP+0x88ba20]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x74b4b0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                              00007ff816217101 5 bytes {JMP QWORD [RIP+0x328f30]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                               00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3baa80]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                     00007ff816225920 6 bytes {JMP QWORD [RIP+0x37a710]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                     00007ff816226190 6 bytes {JMP QWORD [RIP+0x3f9ea0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                    00007ff816234520 6 bytes {JMP QWORD [RIP+0x88bb10]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                              00007ff816236480 6 bytes {JMP QWORD [RIP+0x6a9bb0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                               00007ff81623c620 6 bytes {JMP QWORD [RIP+0x643a10]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7e1080]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                              00007ff81623f600 6 bytes {JMP QWORD [RIP+0x420a30]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                                00007ff816260f60 6 bytes {JMP QWORD [RIP+0x29f0d0]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                      00007ff816289620 6 bytes {JMP QWORD [RIP+0x236a10]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                              00007ff816290f30 6 bytes {JMP QWORD [RIP+0x62f100]}

.text   C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                             00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x40e740]}

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                         00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                       00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                          00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                  00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[880] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                    00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                         00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                       00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                          00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xaf6ce0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                  00007ff8156da520 6 bytes {JMP QWORD [RIP+0xcb5b10]}

.text   C:\WINDOWS\system32\nvvsvc.exe[1000] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                    00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xaf4080]}

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                      00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                       00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                                                   00007ff816201225 1 byte [00]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                       00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                              00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                      00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                  00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                         00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                    00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                              00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                         00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                           00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                    00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                            00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                               00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                  00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                     00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                              00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                          00007ff81620b7f4 2 bytes [68, 00]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                           00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                  00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                    00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                             00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                              00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                    00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                    00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                   00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                             00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                              00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                             00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                               00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                     00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                             00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                            00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3                                                                            00007ff815e74fc0 6 bytes {JMP QWORD [RIP+0x50b070]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                           00007ff815e8fe20 6 bytes {JMP QWORD [RIP+0x350210]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                      00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7bee60]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                       00007ff816201220 6 bytes {JMP QWORD [RIP+0x79ee10]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                00007ff816201230 6 bytes {JMP QWORD [RIP+0x71ee00]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                       00007ff816201240 6 bytes {JMP QWORD [RIP+0x6fedf0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                              00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7deb50]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                      00007ff816201530 6 bytes {JMP QWORD [RIP+0x7feb00]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                  00007ff816201c90 6 bytes {JMP QWORD [RIP+0x83e3a0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                         00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x77e380]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                    00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3bcc40]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                              00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3fca90]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                         00007ff816204311 5 bytes {JMP QWORD [RIP+0x47bd20]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                           00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x87ab50]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                    00007ff816205720 6 bytes {JMP QWORD [RIP+0x43a910]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                            00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4b9d80]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                               00007ff816206390 6 bytes {JMP QWORD [RIP+0x319ca0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                  00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x376c60]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                     00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2d6130]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                              00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                          00007ff81620b7f4 2 bytes [69, 00]

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7302b0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                           00007ff816213740 6 bytes {JMP QWORD [RIP+0x84c8f0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                  00007ff816213c60 5 bytes [FF, 25, D0, C3, 34]

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                    00007ff816214610 6 bytes {JMP QWORD [RIP+0x88ba20]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                00007ff816214b80 6 bytes {JMP QWORD [RIP+0x74b4b0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                             00007ff816217101 5 bytes {JMP QWORD [RIP+0x328f30]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                              00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3baa80]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                    00007ff816225920 6 bytes {JMP QWORD [RIP+0x37a710]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                    00007ff816226190 6 bytes {JMP QWORD [RIP+0x3f9ea0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                   00007ff816234520 6 bytes {JMP QWORD [RIP+0x88bb10]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                             00007ff816236480 6 bytes {JMP QWORD [RIP+0x6a9bb0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                              00007ff81623c620 6 bytes {JMP QWORD [RIP+0x643a10]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7e1080]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                             00007ff81623f600 6 bytes {JMP QWORD [RIP+0x420a30]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                               00007ff816260f60 6 bytes {JMP QWORD [RIP+0x29f0d0]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                     00007ff816289620 6 bytes {JMP QWORD [RIP+0x236a10]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                             00007ff816290f30 6 bytes {JMP QWORD [RIP+0x62f100]}

.text   C:\WINDOWS\system32\svchost.exe[1244] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                            00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x40e740]}

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\System32\svchost.exe[1340] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3                                                                            00007ff815e74fc0 6 bytes {JMP QWORD [RIP+0x50b070]}

.text   C:\WINDOWS\system32\svchost.exe[1616] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                           00007ff815e8fe20 6 bytes {JMP QWORD [RIP+0x350210]}

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                 00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters         00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW               00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1  00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                          00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1720] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                            00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\System32\svchost.exe[1760] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\dashost.exe[1800] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                               00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                       00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                             00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                        00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe[1808] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                          00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                 00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters         00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW               00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1  00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                          00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1868] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                            00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                      00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xb06ce0]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0xdd5b10]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1108] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xc84080]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                      00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                       00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                                                   00007ff816201225 1 byte [00]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                       00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                              00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                      00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                  00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                         00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                    00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                              00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                         00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                           00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                    00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                            00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                               00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                  00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                     00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                              00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                          00007ff81620b7f4 2 bytes [68, 00]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                           00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                  00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                    00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                             00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                              00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                    00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                    00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                   00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                             00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                              00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                             00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                               00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                     00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                             00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\WINDOWS\system32\svchost.exe[1452] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                            00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                      00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xb06ce0]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0xdd5b10]}

.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2192] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xc84080]}

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[2300] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\WINDOWS\system32\conhost.exe[2308] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\system32\svchost.exe[2388] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                  00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                          00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                   00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                           00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                             00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                 00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                                             00007ff816201225 1 byte [00]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                          00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                 00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                        00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                            00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                   00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                              00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                        00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                   00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                     00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                              00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                      00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                         00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                            00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                               00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                        00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                    00007ff81620b7f4 2 bytes [68, 00]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                           00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                     00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                            00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                              00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                          00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                       00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                        00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                              00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                              00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                             00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                       00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                        00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                          00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                       00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                         00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                               00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                       00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                      00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                              00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                      00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                            00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                               00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xaf6ce0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                       00007ff8156da520 6 bytes {JMP QWORD [RIP+0xcb5b10]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                         00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xaf4080]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                            00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x84ee60]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetParent                                                                             00007ff816201220 6 bytes {JMP QWORD [RIP+0x82ee10]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                      00007ff816201230 6 bytes {JMP QWORD [RIP+0x7aee00]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendInput                                                                             00007ff816201240 6 bytes {JMP QWORD [RIP+0x78edf0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                    00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x86eb50]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                            00007ff816201530 6 bytes {JMP QWORD [RIP+0x88eb00]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                        00007ff816201c90 6 bytes {JMP QWORD [RIP+0x8ce3a0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                               00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x80e380]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                          00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x44cc40]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                    00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x48ca90]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                               00007ff816204311 5 bytes {JMP QWORD [RIP+0x6abd20]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x90ab50]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                          00007ff816205720 6 bytes {JMP QWORD [RIP+0x66a910]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                  00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x6e9d80]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     00007ff816206390 6 bytes {JMP QWORD [RIP+0x3a9ca0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                        00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x406c60]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                           00007ff816209f00 6 bytes {JMP QWORD [RIP+0x366130]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                    00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                00007ff81620b7f4 2 bytes [72, 00]

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                       00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7c02b0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                 00007ff816213740 6 bytes {JMP QWORD [RIP+0x8dc8f0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                        00007ff816213c60 5 bytes [FF, 25, D0, C3, 3D]

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                          00007ff816214610 6 bytes {JMP QWORD [RIP+0x91ba20]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                      00007ff816214b80 6 bytes {JMP QWORD [RIP+0x7db4b0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                   00007ff816217101 5 bytes {JMP QWORD [RIP+0x3b8f30]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                    00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x44aa80]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                          00007ff816225920 6 bytes {JMP QWORD [RIP+0x40a710]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                          00007ff816226190 6 bytes {JMP QWORD [RIP+0x489ea0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                         00007ff816234520 6 bytes {JMP QWORD [RIP+0x91bb10]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                   00007ff816236480 6 bytes {JMP QWORD [RIP+0x739bb0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                    00007ff81623c620 6 bytes {JMP QWORD [RIP+0x6d3a10]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                      00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x871080]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                   00007ff81623f600 6 bytes {JMP QWORD [RIP+0x650a30]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     00007ff816260f60 6 bytes {JMP QWORD [RIP+0x32f0d0]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                           00007ff816289620 6 bytes {JMP QWORD [RIP+0x2c6a10]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                   00007ff816290f30 6 bytes {JMP QWORD [RIP+0x6bf100]}

.text   C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                  00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x63e740]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                            00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                    00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                          00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                             00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                     00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                       00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                          00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                           00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                                                       00007ff816201225 1 byte [00]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                    00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                           00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                                  00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                          00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                      00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                             00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                        00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                                  00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                             00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                               00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                        00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                                00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                                   00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                      00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                         00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                                  00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                              00007ff81620b7f4 2 bytes [68, 00]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                     00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                               00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                      00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                        00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                    00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                                 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                                  00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                        00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                        00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                       00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                                 00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                                  00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                    00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                                 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                                   00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                         00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                                 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                                00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!BitBlt                                                                                               00007ff815823d80 6 bytes {JMP QWORD [RIP+0x3fc2b0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!CreateDCW                                                                                            00007ff815834a00 6 bytes {JMP QWORD [RIP+0x18b630]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!CreateDCA                                                                                            00007ff815834b70 6 bytes {JMP QWORD [RIP+0x16b4c0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!MaskBlt                                                                                              00007ff815837d30 6 bytes {JMP QWORD [RIP+0x408300]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!StretchBlt                                                                                           00007ff815842e30 6 bytes {JMP QWORD [RIP+0x43d200]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!GetPixel                                                                                             00007ff815842f40 6 bytes {JMP QWORD [RIP+0x19d0f0]}

.text   C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!PlgBlt                                                                                               00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x3bc100]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                               00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                       00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                             00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                        00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                          00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                             00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetParent                                                              00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                          00007ff816201225 1 byte [00]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                       00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendInput                                                              00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                     00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!BlockInput                                                             00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                         00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                           00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                     00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                  00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                           00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                   00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                      00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                         00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!mouse_event                                                            00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                     00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                 00007ff81620b7f4 2 bytes [68, 00]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                        00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                  00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                         00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                           00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                       00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                    00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                     00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                           00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                           00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                          00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                    00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                     00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                       00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                    00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                      00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!keybd_event                                                            00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                    00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                   00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!BitBlt                                                                  00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!CreateDCW                                                               00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!CreateDCA                                                               00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!MaskBlt                                                                 00007ff815837d30 6 bytes {JMP QWORD [RIP+0x4d8300]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!StretchBlt                                                              00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!GetPixel                                                                00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!PlgBlt                                                                  00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                         00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                       00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                          00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xcb6ce0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                  00007ff8156da520 6 bytes JMP 0

Baane

29.06.2015 20:11

GMER Teil 2:

Code:

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                    00007ff8156fbfb0 6 bytes JMP 0

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                       00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x88ee60]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                        00007ff816201220 6 bytes {JMP QWORD [RIP+0x86ee10]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                 00007ff816201230 6 bytes {JMP QWORD [RIP+0x7eee00]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                        00007ff816201240 6 bytes {JMP QWORD [RIP+0x7cedf0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                               00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x8aeb50]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                       00007ff816201530 6 bytes {JMP QWORD [RIP+0x8ceb00]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                   00007ff816201c90 6 bytes {JMP QWORD [RIP+0x90e3a0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                          00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x84e380]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                     00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x48cc40]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                               00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x66ca90]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                          00007ff816204311 5 bytes {JMP QWORD [RIP+0x6ebd20]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                            00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x94ab50]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                     00007ff816205720 6 bytes {JMP QWORD [RIP+0x6aa910]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                             00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x729d80]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                                00007ff816206390 6 bytes {JMP QWORD [RIP+0x3e9ca0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                   00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x446c60]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                      00007ff816209f00 6 bytes {JMP QWORD [RIP+0x3a6130]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                               00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                           00007ff81620b7f4 2 bytes [76, 00]

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                  00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x8002b0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                            00007ff816213740 6 bytes {JMP QWORD [RIP+0x91c8f0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                   00007ff816213c60 5 bytes [FF, 25, D0, C3, 41]

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                     00007ff816214610 6 bytes {JMP QWORD [RIP+0x95ba20]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x81b4b0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                              00007ff816217101 5 bytes {JMP QWORD [RIP+0x3f8f30]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                               00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x48aa80]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                     00007ff816225920 6 bytes {JMP QWORD [RIP+0x44a710]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                     00007ff816226190 6 bytes {JMP QWORD [RIP+0x669ea0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                    00007ff816234520 6 bytes {JMP QWORD [RIP+0x95bb10]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                              00007ff816236480 6 bytes {JMP QWORD [RIP+0x779bb0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                               00007ff81623c620 6 bytes {JMP QWORD [RIP+0x713a10]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x8b1080]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                              00007ff81623f600 6 bytes {JMP QWORD [RIP+0x690a30]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                                00007ff816260f60 6 bytes {JMP QWORD [RIP+0x36f0d0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                      00007ff816289620 6 bytes {JMP QWORD [RIP+0x306a10]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                              00007ff816290f30 6 bytes {JMP QWORD [RIP+0x6ff100]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                             00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x67e740]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!BitBlt                                                                                            00007ff815823d80 6 bytes {JMP QWORD [RIP+0xcec2b0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!CreateDCW                                                                                         00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!CreateDCA                                                                                         00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!MaskBlt                                                                                           00007ff815837d30 6 bytes {JMP QWORD [RIP+0xcf8300]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!StretchBlt                                                                                        00007ff815842e30 6 bytes {JMP QWORD [RIP+0xd2d200]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!GetPixel                                                                                          00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]}

.text   C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\GDI32.dll!PlgBlt                                                                                            00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0xcac100]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                     00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                             00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                   00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                      00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                              00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                   00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                    00007ff816201220 4 bytes [FF, 25, 10, EE]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetParent + 5                                                                                00007ff816201225 1 byte [00]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                             00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                    00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                           00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                   00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                               00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                      00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                           00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                      00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                        00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                         00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                            00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                               00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                  00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                           00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                       00007ff81620b7f4 2 bytes [68, 00]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                              00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                        00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                               00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                 00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                             00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                          00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                           00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                          00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                           00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                             00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                          00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                            00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                  00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                          00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]}

.text   C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                         00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                                00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                        00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                              00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                                 00007ff8156d9351 5 bytes JMP 0

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                         00007ff8156da520 6 bytes JMP 0

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                           00007ff8156fbfb0 6 bytes JMP 0

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                                              00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x1d7ee60]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetParent                                                                                               00007ff816201220 6 bytes {JMP QWORD [RIP+0x1d5ee10]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                                        00007ff816201230 6 bytes {JMP QWORD [RIP+0x1c2ee00]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendInput                                                                                               00007ff816201240 6 bytes {JMP QWORD [RIP+0x1c0edf0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                                      00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x1d9eb50]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                                              00007ff816201530 6 bytes {JMP QWORD [RIP+0x1dbeb00]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                                          00007ff816201c90 6 bytes {JMP QWORD [RIP+0x1dfe3a0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                                                 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x1c8e380]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                                            00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                                      00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                                                 00007ff816204311 5 bytes JMP 9d63

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                                                   00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x219ab50]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                                            00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                                                    00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                                       00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                                          00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                                             00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                                      00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                                                  00007ff81620b7f4 2 bytes [BA, 01]

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                                         00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x1c402b0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                                                   00007ff816213740 6 bytes {JMP QWORD [RIP+0x211c8f0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                                          00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                                            00007ff816214610 6 bytes {JMP QWORD [RIP+0x21aba20]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                                        00007ff816214b80 6 bytes {JMP QWORD [RIP+0x1c5b4b0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                                                     00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                                      00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                                            00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                                            00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                                           00007ff816234520 6 bytes {JMP QWORD [RIP+0x21abb10]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                                                     00007ff816236480 6 bytes {JMP QWORD [RIP+0x1bb9bb0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                                      00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1b53a10]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                                        00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x1da1080]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                                                     00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                                       00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                                             00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                                                     00007ff816290f30 6 bytes {JMP QWORD [RIP+0x1b3f100]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                                                    00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!BitBlt                                                                                                   00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!CreateDCW                                                                                                00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!CreateDCA                                                                                                00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!MaskBlt                                                                                                  00007ff815837d30 6 bytes JMP 0

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!StretchBlt                                                                                               00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!GetPixel                                                                                                 00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]}

.text   C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!PlgBlt                                                                                                   00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                 00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                         00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                               00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                  00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                          00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                            00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                               00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x219ee60]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetParent                                                                00007ff816201220 6 bytes {JMP QWORD [RIP+0x212ee10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                         00007ff816201230 6 bytes {JMP QWORD [RIP+0x1c2ee00]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendInput                                                                00007ff816201240 6 bytes {JMP QWORD [RIP+0x1c0edf0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                       00007ff8162014e0 4 bytes [FF, 25, 50, EB]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer + 5                                                   00007ff8162014e5 1 byte {JMP 0x1d}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!BlockInput                                                               00007ff816201530 6 bytes {JMP QWORD [RIP+0x21deb00]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                           00007ff816201c90 6 bytes {JMP QWORD [RIP+0x221e3a0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                  00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x1c8e380]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                             00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                       00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                  00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                    00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x225ab50]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                             00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                     00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                        00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                           00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!mouse_event                                                              00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                       00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                   00007ff81620b7f4 2 bytes [BA, 01]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                          00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x1c402b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                    00007ff816213740 6 bytes {JMP QWORD [RIP+0x222c8f0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                           00007ff816213c60 5 bytes [FF, 25, D0, C3, 33]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                             00007ff816214610 6 bytes {JMP QWORD [RIP+0x226ba20]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                         00007ff816214b80 6 bytes {JMP QWORD [RIP+0x1c5b4b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                      00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                       00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                             00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                             00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                            00007ff816234520 6 bytes {JMP QWORD [RIP+0x226bb10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                      00007ff816236480 6 bytes {JMP QWORD [RIP+0x1bb9bb0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                       00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1b53a10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                         00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x21c1080]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                      00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                        00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!keybd_event                                                              00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                      00007ff816290f30 6 bytes {JMP QWORD [RIP+0x1b3f100]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                     00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!BitBlt                                                                    00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!CreateDCW                                                                 00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!CreateDCA                                                                 00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!MaskBlt                                                                   00007ff815837d30 6 bytes {JMP QWORD [RIP+0x4d8300]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!StretchBlt                                                                00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!GetPixel                                                                  00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]}

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!PlgBlt                                                                    00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                       00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                     00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                        00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xcb6ce0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                00007ff8156da520 6 bytes {JMP QWORD [RIP+0xe05b10]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                  00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xdc4080]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                     00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x227ee60]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetParent                                                                      00007ff816201220 6 bytes {JMP QWORD [RIP+0x225ee10]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                               00007ff816201230 6 bytes {JMP QWORD [RIP+0x21dee00]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendInput                                                                      00007ff816201240 6 bytes {JMP QWORD [RIP+0x21bedf0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                             00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x229eb50]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                     00007ff816201530 6 bytes {JMP QWORD [RIP+0x22beb00]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x22fe3a0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                        00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x223e380]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                   00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x48cc40]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                             00007ff8162035a0 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                        00007ff816204311 5 bytes {JMP QWORD [RIP+0x1c0bd20]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                          00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x233ab50]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                   00007ff816205720 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                           00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x1c49d80]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                              00007ff816206390 6 bytes {JMP QWORD [RIP+0x3e9ca0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x446c60]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                    00007ff816209f00 6 bytes {JMP QWORD [RIP+0x3a6130]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                             00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                         00007ff81620b7f4 2 bytes [C8, 01]

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x21f02b0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                          00007ff816213740 6 bytes {JMP QWORD [RIP+0x230c8f0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                 00007ff816213c60 5 bytes [FF, 25, D0, C3, 41]

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                   00007ff816214610 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                               00007ff816214b80 6 bytes {JMP QWORD [RIP+0x220b4b0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                            00007ff816217101 5 bytes {JMP QWORD [RIP+0x3f8f30]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                             00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x48aa80]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                   00007ff816225920 6 bytes {JMP QWORD [RIP+0x44a710]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                   00007ff816226190 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                  00007ff816234520 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                            00007ff816236480 6 bytes {JMP QWORD [RIP+0x2169bb0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                             00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1c33a10]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                               00007ff81623efb0 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                            00007ff81623f600 6 bytes JMP 15040000

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                              00007ff816260f60 6 bytes {JMP QWORD [RIP+0x36f0d0]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                    00007ff816289620 6 bytes {JMP QWORD [RIP+0x306a10]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                            00007ff816290f30 6 bytes {JMP QWORD [RIP+0x209f100]}

.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                           00007ff8162918f0 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                          00007ff815688e46 3 bytes [C4, 71, 11]

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                  00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15]

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                        00007ff81569ef70 5 bytes JMP 00007ff9156200d8

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                           00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xcb6ce0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                   00007ff8156da520 6 bytes {JMP QWORD [RIP+0xe05b10]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                     00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xdc4080]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!MoveWindow                                                                        00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x227ee60]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetParent                                                                         00007ff816201220 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!GetKeyboardState                                                                  00007ff816201230 6 bytes {JMP QWORD [RIP+0x21dee00]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendInput                                                                         00007ff816201240 6 bytes {JMP QWORD [RIP+0x21bedf0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer                                                                00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x229eb50]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!BlockInput                                                                        00007ff816201530 6 bytes {JMP QWORD [RIP+0x22beb00]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!RegisterHotKey                                                                    00007ff816201c90 6 bytes {JMP QWORD [RIP+0x22fe3a0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices                                                           00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x223e380]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!PostMessageW                                                                      00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x48cc40]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW                                                                00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x1b8ca90]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1                                                           00007ff816204311 5 bytes {JMP QWORD [RIP+0x1c0bd20]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW                                                             00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x233ab50]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageW                                                                      00007ff816205720 6 bytes {JMP QWORD [RIP+0x1bca910]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW                                                              00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x1c49d80]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                 00007ff816206390 6 bytes JMP 370031

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetWindowLongW                                                                    00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x446c60]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!mouse_event                                                                       00007ff816209f00 6 bytes JMP 3e

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW                                                                00007ff81620b7f0 3 bytes [FF, 25, 40]

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4                                                            00007ff81620b7f4 2 bytes [C8, 01]

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1                                                                   00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x21f02b0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA                                                             00007ff816213740 6 bytes {JMP QWORD [RIP+0x230c8f0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetWindowLongA                                                                    00007ff816213c60 5 bytes [FF, 25, D0, C3, 41]

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!EnableWindow                                                                      00007ff816214610 6 bytes {JMP QWORD [RIP+0x234ba20]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState                                                                  00007ff816214b80 6 bytes {JMP QWORD [RIP+0x220b4b0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1                                                               00007ff816217101 5 bytes JMP 2

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA                                                                00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x48aa80]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!PostMessageA                                                                      00007ff816225920 6 bytes {JMP QWORD [RIP+0x44a710]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageA                                                                      00007ff816226190 6 bytes {JMP QWORD [RIP+0x1b89ea0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx                                                                     00007ff816234520 6 bytes {JMP QWORD [RIP+0x234bb10]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW                                                               00007ff816236480 6 bytes {JMP QWORD [RIP+0x2169bb0]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA                                                                00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1c33a10]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!GetClipboardData                                                                  00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x22a1080]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA                                                               00007ff81623f600 6 bytes JMP 0

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                 00007ff816260f60 6 bytes JMP 36f0d8

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!keybd_event                                                                       00007ff816289620 6 bytes {JMP QWORD [RIP+0x306a10]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA                                                               00007ff816290f30 6 bytes {JMP QWORD [RIP+0x209f100]}

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[828] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA                                                              00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x1b9e740]}

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198                                                                        00007ff815688e46 3 bytes [C4, 71, 17]

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                00007ff815698ca0 5 bytes [FF, 25, 90, 73, 32]

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW                                                                      00007ff81569ef70 5 bytes JMP 00007ff9156700d8

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1                                                         00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x536ce0]}

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW                                                                                 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x575b10]}

.text   C:\WINDOWS\system32\GWX\GWX.exe[7172] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2                                                                                   00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x534080]}
 

---- Threads - GMER 2.1 ----
 

Thread  C:\WINDOWS\system32\csrss.exe [9088:6392]                                                                                                                            fffff960009312d0
 

---- Disk sectors - GMER 2.1 ----
 

Disk    \Device\Harddisk0\DR0                                                                                                                                                unknown MBR code
 

---- EOF - GMER 2.1 ----

Sorry, verstehe nicht warum das bei mir so ein Datenmonster ist, wo es bei anderen doch alles in einen Beitrag passt.

schrauber

30.06.2015 09:46

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Baane

01.07.2015 06:21

Hi schrauber,

Hab alles erledigt, Logs folgen:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 01.07.2015

Suchlauf-Zeit: 05:47:23

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.01.6.1022

Malware Datenbank: v2015.06.30.08

Rootkit Datenbank: v2015.06.30.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 8.1

CPU: x64

Dateisystem: NTFS

Benutzer: Martin
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 486138

Verstrichene Zeit: 35 Min, 33 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente gefunden)
 

Module: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente gefunden)
 

Registrierungswerte: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsdaten: 0

(Keine schädliche Elemente gefunden)
 

Ordner: 0

(Keine schädliche Elemente gefunden)
 

Dateien: 0

(Keine schädliche Elemente gefunden)
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

Code:

# AdwCleaner v4.111 - Bericht erstellt 01/07/2015 um 06:43:54

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-06-29.1 [Server]

# Betriebssystem : Windows 8.1  (x64)

# Benutzername : Martin - KOPPMANN

# Gestarted von : C:\Users\Martin\Downloads\adwcleaner_4.111.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\user.js
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKLM\SOFTWARE\GeekBuddyRSP

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17840
 
 

-\\ Mozilla Firefox v38.0.5 (x86 de)
 
 

-\\ Google Chrome v43.0.2357.130
 
 

-\\ Comodo Dragon v31.1.0.0
 
 

*************************
 

AdwCleaner[R0].txt - [2918 Bytes] - [15/04/2014 20:05:25]

AdwCleaner[R1].txt - [1037 Bytes] - [16/04/2014 15:23:00]

AdwCleaner[R2].txt - [1143 Bytes] - [17/04/2014 17:36:33]

AdwCleaner[R3].txt - [2768 Bytes] - [27/01/2015 01:26:32]

AdwCleaner[R4].txt - [1450 Bytes] - [26/02/2015 15:30:47]

AdwCleaner[R5].txt - [1785 Bytes] - [01/07/2015 06:36:19]

AdwCleaner[R6].txt - [1842 Bytes] - [01/07/2015 06:41:17]

AdwCleaner[S0].txt - [2736 Bytes] - [15/04/2014 20:06:45]

AdwCleaner[S1].txt - [1099 Bytes] - [16/04/2014 15:37:10]

AdwCleaner[S2].txt - [3395 Bytes] - [27/01/2015 01:29:20]

AdwCleaner[S3].txt - [1718 Bytes] - [01/07/2015 06:43:54]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1777  Bytes] ##########

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01

Ran by Martin (administrator) on KOPPMANN on 01-07-2015 07:18:24

Running from C:\Users\Martin\Downloads

Loaded Profiles: Martin (Available Profiles: Martin & Administrator)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)

AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25]

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20]

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22]

FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22]

FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22]

FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22]

FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22]

FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22]

FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22]
 

Chrome: 

=======

CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]

CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]

CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]

CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]

CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]

CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation)

S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)

S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()

R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-07-01] (Malwarebytes Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)

R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)

R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)

S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID)

S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)

R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-07-01] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-07-01] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation)

S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-01 07:18 - 2015-07-01 07:18 - 00016067 _____ C:\Users\Martin\Downloads\FRST.txt

2015-07-01 06:52 - 2015-07-01 06:52 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KOPPMANN-Windows-8.1-(64-bit).dat

2015-07-01 06:52 - 2015-07-01 06:52 - 00000000 ____D C:\RegBackup

2015-07-01 05:46 - 2015-07-01 05:46 - 02950701 _____ (Malwarebytes Corporation) C:\Users\Martin\Downloads\JRT.exe

2015-07-01 05:46 - 2015-07-01 05:46 - 02244096 _____ C:\Users\Martin\Downloads\AdwCleaner_4.207.exe

2015-07-01 05:45 - 2015-07-01 05:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe

2015-06-30 23:33 - 2015-06-30 23:33 - 00016800 ____R C:\Users\Martin\Desktop\KFZA-Kurzpaper.odt

2015-06-29 06:21 - 2015-06-29 06:21 - 00380416 _____ C:\Users\Martin\Downloads\Gmer-19357.exe

2015-06-29 06:16 - 2015-07-01 07:18 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard

2015-06-29 06:16 - 2015-07-01 07:18 - 00000000 ____D C:\FRST

2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker

2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk

2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10

2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10

2015-06-28 04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix

2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10

2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe

2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak

2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe

2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) C:\Users\Martin\Downloads\AdobeAIRInstaller.exe

2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air

2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip

2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015

2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip

2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens

2015-06-22 02:34 - 2015-07-01 05:46 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe

2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck

2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX

2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt

2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip

2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data

2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack

2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe

2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity

2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll

2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml

2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe

2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe

2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX

2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft

2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft

2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi

2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk

2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft

2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java

2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe

2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-06-03 20:35 - 2015-06-03 20:35 - 01594655 _____ C:\Users\Martin\Downloads\ExRT3440.zip

2015-06-03 07:07 - 2015-06-03 07:07 - 00007194 _____ C:\Users\Martin\Desktop\readme.html

2015-06-03 07:06 - 2015-06-03 07:06 - 06471520 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe

2015-06-02 02:07 - 2015-06-02 02:07 - 00733320 _____ C:\Users\Martin\Khuz06.02.html

2015-06-02 02:07 - 2015-06-02 02:07 - 00000561 _____ C:\Users\Martin\Desktop\Khuz06.02.html.lnk

2015-06-01 23:10 - 2015-06-02 02:06 - 00000000 ____D C:\Users\Martin\Desktop\simc-612-02-win64

2015-06-01 23:09 - 2015-06-01 23:09 - 32565970 _____ C:\Users\Martin\Desktop\simc-612-02-win64.7z
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-01 07:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-07-01 07:17 - 2014-10-21 05:10 - 01940654 _____ C:\WINDOWS\WindowsUpdate.log

2015-07-01 07:14 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2015-07-01 07:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-07-01 07:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-07-01 06:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-01 06:46 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-01 06:45 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-07-01 06:45 - 2013-08-22 16:46 - 00440496 _____ C:\WINDOWS\setupact.log

2015-07-01 06:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-07-01 06:44 - 2013-08-22 16:44 - 00363608 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-07-01 06:44 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-07-01 06:43 - 2014-04-15 20:05 - 00000000 ____D C:\AdwCleaner

2015-07-01 06:34 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net

2015-07-01 06:23 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001

2015-07-01 05:46 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-01 05:46 - 2014-04-17 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-01 04:14 - 2015-05-16 23:00 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2015-06-30 23:28 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client

2015-06-29 23:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net

2015-06-29 06:14 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin

2015-06-28 04:42 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc

2015-06-27 20:09 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla

2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe

2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe

2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe

2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam

2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log

2015-06-26 12:18 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft

2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND

2015-06-25 15:23 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin

2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna

2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia

2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt

2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser

2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-20 04:08 - 2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500

2015-06-20 04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll

2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll

2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat

2015-06-17 22:39 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-06-17 22:39 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat

2015-06-17 22:39 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat

2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone

2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity

2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache

2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft

2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft

2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData

2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server

2015-06-08 08:56 - 2014-09-25 16:48 - 00000000 ____D C:\ProgramData\Oracle

2015-06-05 15:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys

2015-06-05 15:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys

2015-06-05 15:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll

2015-06-05 15:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll

2015-06-05 15:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll

2015-06-05 15:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll

2015-06-05 15:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll

2015-06-05 15:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll

2015-06-05 15:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll

2015-06-04 17:45 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft

2015-06-03 00:54 - 2013-11-05 18:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin

2015-06-03 00:53 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin
 

==================== Files in the root of some directories =======
 

2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist

2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND

2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel

2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg

2013-04-25 13:58 - 2014-11-09 02:51 - 0001809 _____ () C:\ProgramData\hpzinstall.log

2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () C:\ProgramData\wmzddnmb.cix
 

Some files in TEMP:

====================

C:\Users\Martin\AppData\Local\Temp\Quarantine.exe

C:\Users\Martin\AppData\Local\Temp\sdan.exe

C:\Users\Martin\AppData\Local\Temp\sdapk.exe

C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe

C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe

C:\Users\Martin\AppData\Local\Temp\sqlite3.dll

C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-07-01 07:13
 

==================== End of log ============================

Baane

01.07.2015 06:24

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.2.4 (06.30.2015:2)

OS: Windows 8.1 x64

Ran by Martin on 01.07.2015 at  6:52:58,52

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Tasks
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] C:\ProgramData\tuneup software

Successfully deleted: [Folder] C:\Users\Martin\AppData\Roaming\tuneup software

Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
 
 
 

~~~ FireFox
 
 
 
 

~~~ Chrome
 
 

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01.07.2015 at  7:13:15,41

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Teil 1 Addition FRST:

Code:

dditional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01

Ran by Martin at 2015-07-01 07:19:37

Running from C:\Users\Martin\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-683499341-1041353402-3527594545-500 - Administrator - Enabled) => C:\Users\Administrator

Gast (S-1-5-21-683499341-1041353402-3527594545-501 - Limited - Disabled)

Martin (S-1-5-21-683499341-1041353402-3527594545-1001 - Administrator - Enabled) => C:\Users\Martin
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}

AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)

Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)

Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )

AMD Catalyst Install Manager (HKLM\...\{2D803279-E321-E6CE-B27D-CD13196FD7CD}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

ArtMoney SE v7.40.5 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40.5 - System SoftLab)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.5.0 - )

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)

Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)

COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)

D1400 (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

D1400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )

dj_sf_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

dj_sf_software (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

dj_sf_software_req (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)

DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)

Free YouTube to MP3 Converter version 3.12.59.525 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.525 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 07 (HKLM-x32\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version:  - )

FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)

GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc)

GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Deskjet Printer Driver Software (HKLM\...\{7262D84B-A6AA-40D2-B8DE-56B10EE28BE1}) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )

League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden

Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)

Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)

Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.2.0 - Movavi)

Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)

MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)

PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version:  - CPUID)

phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)

Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)

Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

Schwert und Speer Ultimat (HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Schwert und Speer Ultimat) (Version:  - )

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

Simulationcraft(x64) version 6.1.2.01 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.1.2.01 - Simulationcraft)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts)

SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)

Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)

Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.57 - UNKNOWN)

Warcraft Logs Uploader (x32 Version: 3.57 - UNKNOWN) Hidden

WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== Restore Points =========================
 

15-06-2015 23:33:43 Geplanter Prüfpunkt

24-06-2015 07:57:49 Geplanter Prüfpunkt
 

==================== Hosts content: ===============================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {03A8CF97-D768-47B8-AF76-7AB7414FDCF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {11F56EFD-CA88-4F67-8EF4-D5D7478EF6DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)

Task: {16DB4709-8924-425B-AF82-3258634D2B0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {389F491A-EC9F-4B7D-946F-CBAFCEC9D0AF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {5157DB7C-313D-4688-918D-D8F737C847FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)

Task: {613D5DDA-C2B0-4509-B56F-8A30E12F581C} - System32\Tasks\{1F44A87C-7151-42FA-AA63-825AF8DCFC7C} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"

Task: {67DDB5D0-C2D2-4151-BD31-56BDFF0D69D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {707C964D-4452-41CA-911A-6F03F553846E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {911F4F22-C7EB-4101-BF01-74C277E2D150} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)

Task: {93520BA5-97A4-4B1F-9980-4CEC3E3CB593} - System32\Tasks\{9CBB7376-FECB-4CF2-9328-3A9446A741EE} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\DPLAY61A.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"

Task: {9DC035A1-A0E9-405D-9794-E7B51FC58190} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)

Task: {B0342DA8-9259-43D1-B121-059857C43FB6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)

Task: {B06942A5-D02F-4193-974E-786E735B8FEC} - System32\Tasks\{8D3C155F-8CDE-478B-9586-69C7C4A4FA69} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\UNINSTAL.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"

Task: {BEB83050-FED7-4B0F-9AE3-395CB9B65C2D} - System32\Tasks\{3D53AAC9-3BB7-4029-832E-415FF26960E0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Task: {C7A6292C-26F5-4B37-AC94-A43C2CB5578B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)

Task: {F74496B4-C62E-4222-B361-E96A2BF9BECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (Whitelisted) ==============
 

2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

2015-06-22 19:48 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\calc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID

Baane

01.07.2015 06:25

Teil 2:

Code:

AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID

Baane

01.07.2015 06:26

Teil 3

Code:

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dplaysvr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dplayx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpmodemx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dpwsockx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PCWizard.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID

Baane

01.07.2015 06:27

Letzter Teil:

Code:

AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\03 Spieltheorie Spielanalyse Nash Dominante Strategien.docx:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\11125581_879133678841918_1681933074_n.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\aKBPg9Q_700b.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\Antrag_Ruecktritt_neu.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\aw7b9RB_700b_v1.jpg:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\CHp7TxkUMAAK4pn.png large.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\CIZASwlUAAAU4Fz.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\FLT_SDP3B65535_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\Forschungsfrage.docx:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\how-to-draw-house-targaryen-house-targaryen-dragon_1_000000015929_5.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\KFZA-Kurzpaper.odt:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\synced-gaming_launcher_gray.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\U3O8wIm.png:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Desktop\yahoo_contacts.csv:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\111-Orte-in-Nürnberg.ods:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\2_Theorie_Hypothesen_M+S I_SoSe15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.109.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.111.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\AdwCleaner_4.207.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\AdwCleaner_4.207.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Altoholic_v6.1.001.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Auctionator_0323.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.8.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE(1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15 (1).zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.0.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.4.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.8.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\elvui-7.86.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\elvui-8.10.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ExRT3440.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.3_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FLT_SDP3B65535_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx (1).zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Gmer-19357.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Gmer-19357.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\JRT.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\JRT.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\kauf_828948_94ea886e901a.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\LOL_OPGG_Observer_2125424600_spectate.bat:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.60.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MinecraftInstaller.msi:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Münch0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\PuTTY - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\rcsetup151_slim.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SG TCP Optimizer - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SilverDragon-v3.1.5.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-29.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\statistik_i_5b.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\studbesch_51F4B0EB5169D943B9D28A074E0B21AB.cit-prod-tomcat4.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\TellMeWhen-7.3.1.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\ThogarAssist-v6.0.3-9.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\TidyPlates_6_16_1.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Tor Browser Paket - CHIP-Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\vkw01_jaeckel.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\warcraftlogs.air:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WIM-3.6.26.zip:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdTcID

AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Martin\Downloads\yab.pdf:$CmdZnID
 

==================== Safe Mode (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg

DNS Servers: 8.8.8.8
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: !SASCORE => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: BBSvc => 2

MSCONFIG\Services: BBUpdate => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: CLPSLauncher => 2

MSCONFIG\Services: DragonUpdater => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: Futuremark SystemInfo Service => 3

MSCONFIG\Services: GeekBuddyRSP => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hpqcxs08 => 3

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: Origin Client Service => 3

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: TapiSrv => 3

HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"

HKLM\...\StartupApproved\Run: => "CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "icq"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Facebook Update"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "iCloudServices"

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{02D57F51-8721-43AC-9355-AC8974F0F22E}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe

FirewallRules: [{39EBE1F9-B99F-4E57-A5E3-D62B0C2BCF02}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe

FirewallRules: [{0DCBD549-6F91-4DF7-B836-FF9628497B16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{FBCFE49C-8A63-411A-8BE5-0A6D3DB2F36B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe

FirewallRules: [{90CA87E5-157E-494E-9355-DF672FFDB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{2FA9B299-DFE8-41CD-AEAB-5A17A3C24E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{A9C6B674-AEC7-437E-8F66-BBDE4452FBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{1D33D7D0-AB4B-46AA-97FD-1FF2B9DD0A1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{5EE15B18-3207-4DDD-A976-DC43052C0A23}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{7AA757CE-122F-4080-B777-83ED413F2EAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{DA10CD7D-0F14-4AD1-9DB9-15B02C9C0A10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{C4DA08AB-C471-4CFD-BD01-45666B1A3DA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{3806AE6A-905D-4E92-B896-26C0A31CFA8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{680C0A7D-B498-48C6-BDCF-C7398C1E1A25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{49CE7598-A5B8-4583-8652-A0C26A48A510}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{303D534E-28D4-4291-B3A4-EA926A4409C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{127FAB27-1219-427A-82DF-CE36D947AE1A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{ADB36031-1001-48FC-B5FC-951C11D82717}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{EDEE1807-4F04-4563-A103-2750D7FD175E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe

FirewallRules: [{6AD0F808-A318-4320-894E-FE85A50CA8ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe

FirewallRules: [{6A1CF1E4-4EA6-40D4-9414-DF30E202263C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{74AAFFF7-279F-46FC-AC77-72363C337B35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{16D8F0D2-30D4-4F17-A129-625C0AA1FA1E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{88FE9E0E-8B74-4769-99C6-92C205DE5B63}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{0B0FE71F-FBFB-4A40-A22D-CED211C4D614}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{004DA7F5-C6F2-4CBC-BE57-4F04AB43B916}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{1FF83A51-E093-4276-B60F-67F513D9E8B3}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat

FirewallRules: [{14DBD80B-5884-4BF8-B6A0-EA2D5F0A7983}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat

FirewallRules: [UDP Query User{F54B3F50-8DF3-4652-9BAA-B7DDF09DA187}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe

FirewallRules: [TCP Query User{0C62ED83-576D-457A-B7C0-A088E3EA3EC7}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe

FirewallRules: [{316D42C9-B326-4EEB-B44E-18793AE48082}] => (Block) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [{CCEB3FCE-7535-4796-8BAF-C5FB36AC6E35}] => (Block) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [UDP Query User{392CEE40-8F43-4093-97AA-800C2FE046D6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [TCP Query User{E519B489-A61F-464F-A124-E9A03495E6DC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe

FirewallRules: [UDP Query User{9DBBB315-5690-4D84-B9B1-5710BB63AD1F}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe

FirewallRules: [TCP Query User{1C597B41-EB89-48C9-9D97-6420B831FB68}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe

FirewallRules: [{AD4DFDF2-9BB2-4667-9AAA-8FC23F15705F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{FF5BCB0F-472B-4E53-89BA-74301083D8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{57D1A7B3-8418-4E14-AF88-92FEF5CBFF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe

FirewallRules: [{20E9758E-58EC-46AB-8D2F-FBB1660753FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [{7CA94948-D896-4A24-B500-8635CC843B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe

FirewallRules: [UDP Query User{1A7E808A-E3FC-494B-8EFF-E189AF6C23D1}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe

FirewallRules: [TCP Query User{6CCE4378-FF17-41FA-AC7B-79869D9C399B}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe

FirewallRules: [{017312AA-990D-4692-92D4-1E52DF0CF2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe

FirewallRules: [{FAA7DE77-8B26-453B-8B30-A397AFE21C85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe

FirewallRules: [{BF8F0F0B-4922-4486-9C3E-B01A23FA8832}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{3F48413D-58DF-4D26-95C0-E17E9BB977CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{ACB6E90E-C40C-41A8-BA8E-3BC3B84BD69F}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe

FirewallRules: [{F30936EF-F6CF-49FC-B956-2E79BBE9596C}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe

FirewallRules: [{CE05D2C9-A416-4F88-A6C6-06094A9DC88A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [{E42A538C-813C-4601-B233-E0E85EB432C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe

FirewallRules: [UDP Query User{21A5FFF9-3EEA-4A9F-9FAC-72404907F704}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe

FirewallRules: [TCP Query User{C20AA7FF-44FF-4C08-8A6E-1836B5FB2F40}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe

FirewallRules: [{132E2013-3982-42B1-94B6-6DE7997AAEE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{E305D310-F8CF-4388-B03A-BC8EDFC50195}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{0E77881C-D498-41E4-AA64-363B76DA1842}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{48B81B0A-2D7C-494B-8F41-84915939ED39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{647F9546-8E20-4F1C-87D6-3104050C7FF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{E52C813F-E311-44E1-9DB5-A0919633E0BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{0BAA4276-8EDD-4075-A529-01B57A915004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{7A0FB5D1-6E28-4C2E-B53C-E423B9985F38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{1E556905-A747-4C78-92E0-574F71E9E68D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{F66F3367-4F79-4B43-9895-6F16639B14E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{D0DB1B0E-F898-49A3-A4ED-B6848B73CAAD}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe

FirewallRules: [UDP Query User{384533A7-3315-4188-9247-39FA9D0AA920}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe

FirewallRules: [{6EAD6FBE-7231-49CE-A226-AAB9D82FD8BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{B4712EF8-87AF-482F-AE68-27B5A9F6BEA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{E5C663FA-14C0-4A0A-80AA-7127CA2ACCA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{B7BEC7B2-B43C-4DB0-8DF8-2AAB2AED4A32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{962C5C41-08F0-45FB-990B-10CA0D7148CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{C69CA34E-EB7F-4AF7-A3C0-F495E661178B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [TCP Query User{D274668E-31F5-4F51-AD80-CDE8FDFCB6F8}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [UDP Query User{36EB450B-38BF-495B-8657-251BAB95425D}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [{95E5B99A-85EB-4A20-956C-B521D2C3572D}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [{C58AB113-FBC1-4E43-BF27-29389EEA65D3}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe

FirewallRules: [TCP Query User{D5536BF9-78D2-472E-A58A-A382742F099A}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe

FirewallRules: [UDP Query User{CD626AB9-EA54-483B-9960-73191AE832CC}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe

FirewallRules: [TCP Query User{CFCEE9D2-ABC3-47BB-9FC4-859F44B2C050}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{D1EB3061-FC2A-451E-BB97-44A1E53560FD}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{300E592E-F3C0-4493-9395-4C581ABF1662}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{60F50F99-1506-4B8D-AA01-E7CA45347A42}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{95E8E020-EE04-4EB7-8D0B-2731955A9B7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0A660151-1DAC-4011-B0E4-8F427F0E353C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7F1C0906-B7F2-434D-AE7E-1163E8AD8E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{239FA175-4E42-431E-A03F-6BE1C07EAA56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{40918112-C08B-4B28-9289-A7D0AB6B9C43}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{A93F574D-3825-4AF8-B679-4E634D7012AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{6FBC854D-003E-49F0-B283-5FE2D0671862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DF0C41C7-03E3-43C2-B154-82FA0A25BCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe

FirewallRules: [{61569E20-01D1-4E3A-81F1-E086C5244365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe

FirewallRules: [{79434C34-E8F0-4B02-A056-722D3BCEC498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [{E647FDC6-6027-439D-A4CC-6D7693988E15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [{300D65B0-A1D7-4988-AB3C-88719DDC17E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/30/2015 11:40:15 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: )

Description: PerfProcC:\WINDOWS\System32\perfproc.dll0
 

Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336

Ausnahmecode: 0xc0000142

Fehleroffset: 0x00000000000ec180

ID des fehlerhaften Prozesses: 0x1600

Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0

Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1

Pfad des fehlerhaften Moduls: nvstreamsvc.exe2

Berichtskennung: nvstreamsvc.exe3

Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5
 

Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 

Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777

Name des fehlerhaften Moduls: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0002aaef

ID des fehlerhaften Prozesses: 0x4168

Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0

Pfad der fehlerhaften Anwendung: delegate_execute.exe1

Pfad des fehlerhaften Moduls: delegate_execute.exe2

Berichtskennung: delegate_execute.exe3

Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:

Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten

Speichertreibern, oder der Datenträger fehlt.

Das Programm FUSSBALL MANAGER 13 wurde wegen dieses Fehlers geschlossen.
 

Programm: FUSSBALL MANAGER 13

Datei: 
 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.

Benutzeraktion

1. Öffnen Sie die Datei erneut.

Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.

2.

Wenn Sie weiterhin nicht auf die Datei zugreifen können und

        - diese sich im Netzwerk befindet, 

dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.

        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.

3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.

4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.

5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 

Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
 

Zusätzliche Daten

Fehlerwert: 00000000

Datenträgertyp: 0
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040

Name des fehlerhaften Moduls: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040

Ausnahmecode: 0xc000001d

Fehleroffset: 0x014f5fb0

ID des fehlerhaften Prozesses: 0x2c1c

Startzeit der fehlerhaften Anwendung: 0xManager13.exe0

Pfad der fehlerhaften Anwendung: Manager13.exe1

Pfad des fehlerhaften Moduls: Manager13.exe2

Berichtskennung: Manager13.exe3

Vollständiger Name des fehlerhaften Pakets: Manager13.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Manager13.exe5
 
 

System errors:

=============

Error: (07/01/2015 07:15:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: microsoft.windowscommunicationsapps
 

Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFoodAndDrink
 

Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingNews
 

Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingTravel
 

Error: (07/01/2015 07:14:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingWeather
 

Error: (07/01/2015 07:14:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.SkypeApp
 

Error: (07/01/2015 07:14:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFinance
 

Error: (07/01/2015 07:14:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingHealthAndFitness
 

Error: (07/01/2015 07:13:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingSports
 

Error: (07/01/2015 07:13:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.ZuneVideo
 
 

Microsoft Office:

=========================

Error: (06/30/2015 11:40:15 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: )

Description: PerfProcC:\WINDOWS\System32\perfproc.dll0
 

Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: nvstreamsvc.exe3.1.2000.0545adf9dntdll.dll6.3.9600.17736550f4336c000014200000000000ec180160001d0b11f998b4bd2C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\WINDOWS\SYSTEM32\ntdll.dlld8396700-1d12-11e5-819e-3085a99e46fb
 

Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe
 

Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8
 

Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: delegate_execute.exe43.0.2357.1305584c777delegate_execute.exe43.0.2357.1305584c777c00000050002aaef416801d0afacb4d5c99bC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exef8df3904-1b9f-11e5-819d-3085a99e46fb
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: )

Description: FUSSBALL MANAGER 13000000000
 

Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager13.exe1.0.4.0026d3040Manager13.exe1.0.4.0026d3040c000001d014f5fb02c1c01d0af4afb4bbeb4C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exeC:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe3d4584eb-1b3e-11e5-819d-3085a99e46fb
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-07-01 07:16:59.360

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 06:47:27.603

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 02:43:44.222

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 02:31:50.909

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 02:24:41.570

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 02:13:57.857

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-07-01 01:45:54.001

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-30 20:34:04.046

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-30 18:59:47.017

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2015-06-30 18:51:32.233

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-4100 Quad-Core Processor 

Percentage of memory in use: 39%

Total physical RAM: 8120.43 MB

Available physical RAM: 4891.17 MB

Total Pagefile: 9400.43 MB

Available Pagefile: 5563.1 MB

Total Virtual: 131072 MB

Available Virtual: 131071.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:930.56 GB) (Free:381.46 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: B97C5BC3)
 

Partition: GPT Partition Type.
 

==================== End of log ============================

Danke für die super Anleitung bis hierher, selbst für unerfahrene Nutzer super nachvollziehbar! :)

gruß baane

schrauber

01.07.2015 11:39

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Baane

02.07.2015 18:52

Hey schrauber,

Werde das erst Sonntag machen können, gerade von berufswegen unterwegs und den Rechner nicht in Reichweite.
Nicht dass du denkst ich hätte es vergessen! :)

LG

schrauber

03.07.2015 06:25

ok :)

Baane

06.07.2015 12:24

So jetzt aber, hat etwas länger gedauert als gehofft, sry dafür.

ESET Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=463e335b3adbaf45bcb7a4e7ffd1909d

# end=init

# utc_time=2015-07-06 08:19:02

# local_time=2015-07-06 10:19:02 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=463e335b3adbaf45bcb7a4e7ffd1909d

# end=init

# utc_time=2015-07-06 08:19:34

# local_time=2015-07-06 10:19:34 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

Update Init

Update Download

Update Finalize

Updated modules version: 24656

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=463e335b3adbaf45bcb7a4e7ffd1909d

# end=updated

# utc_time=2015-07-06 08:24:06

# local_time=2015-07-06 10:24:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.2.9200 NT 

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=463e335b3adbaf45bcb7a4e7ffd1909d

# engine=24656

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-07-06 10:27:46

# local_time=2015-07-06 12:27:46 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1='COMODO Antivirus'

# compatibility_mode=3081 16777213 100 100 2218734 45179460 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 82 8522340 82898772 0 0

# scanned=464196

# found=8

# cleaned=7

# scan_time=7419

sh=03F3D64CF5180DE500F74B7A2E0386672756150F ft=1 fh=8149ba48ef0d093b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{C1230AE4-1DED-4B26-97FC-99E557733333}"

sh=124DD861FE8EEFB411E06DCE602AC64F60E57D4F ft=1 fh=2ee7a4149b7d5fc3 vn="Variante von Win32/Adware.SpeedingUpMyPC.AD Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCGuard.exe.vir"

sh=3FCC2C02DF3CA3D9B0E1F4C0D68BBA3DC907AE42 ft=1 fh=ef5d1b6f05555b69 vn="Variante von Win32/Adware.SpeedingUpMyPC.AI Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCLauncher.exe.vir"

sh=277F6BA53EFBC2083455CD788EEB5DC664411835 ft=1 fh=6752c57b4709cf0a vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCReminder.exe.vir"

sh=8B80AE4FC428033E2D526D9D730E3097DFAB70ED ft=1 fh=7972f71052edd36b vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCSchedule.exe.vir"

sh=F499B06BD99EB5C7BBE309A97166D81BDBFBCDAF ft=1 fh=d27633e190f62233 vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCSmartScan.exe.vir"

sh=82D357DFA5BE8128758F0FF24DE307A8DC75544B ft=1 fh=ff64b65f461019c4 vn="Variante von Win32/Adware.SpeedingUpMyPC.AM Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SPCUninstaller.exe.vir"

sh=03F3D64CF5180DE500F74B7A2E0386672756150F ft=1 fh=8149ba48ef0d093b vn="Variante von Win32/SpeedingUpMyPC Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C1230AE4-1DED-4B26-97FC-99E557733333}"

SecurityCheck:

Code:

Results of screen317's Security Check version 1.004  

   x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Windows Defender   

COMODO Antivirus   

 Antivirus up to date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java version 32-bit out of Date! 

  Adobe Flash Player         17.0.0.190 Flash Player out of Date!  

 Adobe Reader XI  

 Mozilla Firefox (38.0.5) 

 Google Chrome (43.0.2357.124) 

 Google Chrome (43.0.2357.130) 
 ````````Process Check: objlist.exe by Laurent````````  

 Comodo Firewall cmdagent.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01

Ran by Martin (administrator) on KOPPMANN on 06-07-2015 13:23:11

Running from C:\Users\Martin\Downloads

Loaded Profiles: Martin (Available Profiles: Martin & Administrator)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.)

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation)

HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2015-07-06] (ROCCAT GmbH)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)

AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25]

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20]

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22]

FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22]

FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22]

FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22]

FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22]

FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22]

FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22]
 

Chrome: 

=======

CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]

CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]

CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]

CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]

CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]

CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]

CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation)

S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)

S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()

R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-07-01] (Malwarebytes Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-02] (Electronic Arts)

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)

R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)

R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)

S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID)

S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)

R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-07-01] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-07-01] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation)

S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-06 13:15 - 2015-07-06 13:15 - 00852662 _____ C:\Users\Martin\Downloads\SecurityCheck.exe

2015-07-06 10:18 - 2015-07-06 10:18 - 02870984 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe

2015-07-06 09:03 - 2015-07-06 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT

2015-07-06 09:03 - 2015-07-06 09:03 - 00000000 ____D C:\Program Files (x86)\ROCCAT

2015-07-06 09:02 - 2015-07-06 09:02 - 24907859 _____ C:\Users\Martin\Downloads\ROCCAT_Kone_Pure_DRV1.14_FW1.21.zip

2015-07-06 09:02 - 2015-07-06 09:02 - 00000000 ____D C:\Users\Martin\Desktop\Roccat

2015-07-03 00:32 - 2015-07-03 00:36 - 00000000 ____D C:\Users\Martin\Desktop\Flips

2015-07-03 00:04 - 2015-07-03 00:04 - 00000000 ____D C:\Users\Martin\Desktop\Rescue Laptop

2015-07-01 12:21 - 2015-07-01 12:21 - 00000000 ____D C:\Users\Martin\.SimulationCraft

2015-07-01 12:21 - 2015-07-01 12:21 - 00000000 ____D C:\Users\Martin\.QtWebEngineProcess

2015-07-01 12:20 - 2015-07-01 12:20 - 42858173 _____ (Simulationcraft ) C:\Users\Martin\Downloads\SimcSetup-620-01-Win64 (1).exe

2015-07-01 12:14 - 2015-07-01 12:21 - 00000862 _____ C:\Users\Public\Desktop\Simulationcraft(x64).lnk

2015-07-01 12:09 - 2015-07-01 12:09 - 42858173 _____ (Simulationcraft ) C:\Users\Martin\Downloads\SimcSetup-620-01-Win64.exe

2015-07-01 07:19 - 2015-07-01 07:20 - 00344432 _____ C:\Users\Martin\Downloads\Addition.txt

2015-07-01 07:18 - 2015-07-06 13:23 - 00017745 _____ C:\Users\Martin\Downloads\FRST.txt

2015-07-01 06:52 - 2015-07-01 06:52 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KOPPMANN-Windows-8.1-(64-bit).dat

2015-07-01 06:52 - 2015-07-01 06:52 - 00000000 ____D C:\RegBackup

2015-07-01 05:46 - 2015-07-01 05:46 - 02950701 _____ (Malwarebytes Corporation) C:\Users\Martin\Downloads\JRT.exe

2015-07-01 05:46 - 2015-07-01 05:46 - 02244096 _____ C:\Users\Martin\Downloads\AdwCleaner_4.207.exe

2015-07-01 05:45 - 2015-07-01 05:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe

2015-06-30 23:33 - 2015-06-30 23:33 - 00016800 ____R C:\Users\Martin\Desktop\KFZA-Kurzpaper.odt

2015-06-29 06:21 - 2015-06-29 06:21 - 00380416 _____ C:\Users\Martin\Downloads\Gmer-19357.exe

2015-06-29 06:16 - 2015-07-06 13:23 - 00000000 ____D C:\FRST

2015-06-29 06:16 - 2015-07-06 13:21 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard

2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe

2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi

2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker

2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk

2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10

2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10

2015-06-28 04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix

2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10

2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe

2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak

2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe

2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk

2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) C:\Users\Martin\Downloads\AdobeAIRInstaller.exe

2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air

2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip

2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015

2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip

2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens

2015-06-22 02:34 - 2015-07-01 05:46 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe

2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security

2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck

2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod

2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX

2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt

2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip

2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data

2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data

2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack

2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe

2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk

2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity

2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll

2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml

2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe

2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe

2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX

2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft

2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft

2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi

2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk

2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft

2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java

2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe

2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-06 13:21 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2015-07-06 13:06 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client

2015-07-06 13:05 - 2013-08-22 16:46 - 00442525 _____ C:\WINDOWS\setupact.log

2015-07-06 13:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-07-06 13:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-07-06 12:49 - 2014-10-21 05:10 - 01289137 _____ C:\WINDOWS\WindowsUpdate.log

2015-07-06 12:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-06 10:15 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-07-06 10:15 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat

2015-07-06 10:15 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat

2015-07-06 10:10 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net

2015-07-06 09:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-07-06 09:03 - 2012-11-28 12:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-07-06 08:55 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-06 00:02 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-07-06 00:02 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-07-03 01:04 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla

2015-07-03 00:19 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc

2015-07-02 15:28 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin

2015-07-02 14:54 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin

2015-07-02 03:10 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft

2015-07-01 22:25 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001

2015-07-01 13:02 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft

2015-07-01 12:21 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin

2015-07-01 12:14 - 2015-01-06 00:18 - 00000000 ____D C:\Simulationcraft(x64)

2015-07-01 06:44 - 2013-08-22 16:44 - 00363608 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-07-01 06:44 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-07-01 06:43 - 2014-04-15 20:05 - 00000000 ____D C:\AdwCleaner

2015-07-01 05:46 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-07-01 05:46 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-01 05:46 - 2014-04-17 17:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-01 04:14 - 2015-05-16 23:00 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2015-06-29 23:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net

2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe

2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe

2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe

2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam

2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log

2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND

2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna

2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia

2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt

2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser

2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-20 04:08 - 2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500

2015-06-20 04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll

2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll

2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat

2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone

2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity

2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache

2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft

2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft

2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData

2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server

2015-06-08 08:56 - 2014-09-25 16:48 - 00000000 ____D C:\ProgramData\Oracle
 

==================== Files in the root of some directories =======
 

2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist

2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND

2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel

2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg

2013-04-25 13:58 - 2014-11-09 02:51 - 0001809 _____ () C:\ProgramData\hpzinstall.log

2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () C:\ProgramData\wmzddnmb.cix
 

Some files in TEMP:

====================

C:\Users\Martin\AppData\Local\Temp\Quarantine.exe

C:\Users\Martin\AppData\Local\Temp\sdan.exe

C:\Users\Martin\AppData\Local\Temp\sdapk.exe

C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe

C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe

C:\Users\Martin\AppData\Local\Temp\sqlite3.dll

C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-07-06 00:42
 

==================== End of log ============================

schrauber

06.07.2015 15:12

Java und Flash updaten.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Alle Zeitangaben in WEZ +1. Es ist jetzt 08:49 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131