| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox CacheWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.06.2015, 23:03
| #1 |
 |  Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Hallo, Seit einiger Zeit (ca. 1-2 Monate) meldet Comodo in regelmäßigen Abständen, dass im Firefox / Chrome Cache TrojWare.JS.Agent.PD gefunden wird - nach Bereinigung taucht dieser aber wieder auf. Vielen Dank für die Hilfe! PS: Handyname (mein Klarname) durch Sternchen im GMER log ersetzt - die GMER und Addition Logs sind im Anhang, da sie leider zu groß sind. Comodo (Was Win32Scar in TF2 ist weiß ich leider auch nicht) Code:
ATTFilter <td>2015-06-15 22:40:49*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-15 22:39:26*
</td>
<td>c:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab|c:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-15 22:39:00*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001ab*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-14 23:14:30*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0012e3|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0012e3*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-14 23:05:37*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0012e3|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0012e3*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-14 22:06:51*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f0|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f0*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-14 22:05:55*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f0|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f0*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 23:33:15*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000bf5|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000bf5*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 23:20:20*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000bf5|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000bf5*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 20:55:38*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003a3|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003a3*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 20:55:38*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00032c|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00032c*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 20:14:39*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003a3|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003a3*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-13 20:14:36*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00032c|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00032c*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-08 18:52:09*
</td>
<td>D:\Steam\SteamApps\common\Team Fortress 2\bin\motionmapper.exe*
</td>
<td>TrojWare.Win32.Scar.LSA@348353990*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-08 18:52:09*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001d4|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001d4*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-08 18:45:03*
</td>
<td>D:\Steam\SteamApps\common\Team Fortress 2\bin\motionmapper.exe*
</td>
<td>TrojWare.Win32.Scar.LSA@348353990*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-08 18:11:37*
</td>
<td>C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001d4|C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001d4*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 11:26:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D7F06C4882F81696D8B79A0F15C972BEA6AF2A21|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D7F06C4882F81696D8B79A0F15C972BEA6AF2A21*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 11:26:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\4A6A38AE5D61942F78238A2A0A6E6CF84CBBE345|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\4A6A38AE5D61942F78238A2A0A6E6CF84CBBE345*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 11:26:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\3430F9436FAFBB8D2235B3C9BAB17D5B439A31EF|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\3430F9436FAFBB8D2235B3C9BAB17D5B439A31EF*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 11:26:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\78867B090C14D2C6C68106D0D6F9F1C6785DF30D|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\78867B090C14D2C6C68106D0D6F9F1C6785DF30D*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 11:26:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D4D5FD789ABD91084C62AAB516C31E93208CFD26|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D4D5FD789ABD91084C62AAB516C31E93208CFD26*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Quarantäne*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 10:10:51*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D7F06C4882F81696D8B79A0F15C972BEA6AF2A21|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D7F06C4882F81696D8B79A0F15C972BEA6AF2A21*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 10:10:50*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D4D5FD789ABD91084C62AAB516C31E93208CFD26|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\D4D5FD789ABD91084C62AAB516C31E93208CFD26*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 10:09:51*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\78867B090C14D2C6C68106D0D6F9F1C6785DF30D|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\78867B090C14D2C6C68106D0D6F9F1C6785DF30D*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 10:09:18*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\4A6A38AE5D61942F78238A2A0A6E6CF84CBBE345|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\4A6A38AE5D61942F78238A2A0A6E6CF84CBBE345*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
</tr>
<tr>
<td>2015-06-05 10:09:00*
</td>
<td>C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\3430F9436FAFBB8D2235B3C9BAB17D5B439A31EF|C:\Users\Beckz\AppData\Local\Mozilla\Firefox\Profiles\uwaxteab.default\cache2\entries\3430F9436FAFBB8D2235B3C9BAB17D5B439A31EF*
</td>
<td>TrojWare.JS.Agent.PD@300743807*
</td>
<td>Erkennen*
</td>
<td>Erfolgreich*
</td>
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:57 on 15/06/2015 (Beckz)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Beckz (administrator) on CHRIS on 15-06-2015 22:58:02
Running from C:\Users\Beckz\Downloads
Loaded Profiles: Beckz (Available Profiles: Beckz & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Spotify Ltd) C:\Users\Beckz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Curse) C:\Users\Beckz\AppData\Local\Apps\2.0\5VZ0RZCQ.DEW\VNCZ4Z6B.RZ1\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62c0f9ec26c\CurseClient.exe
(Dropbox, Inc.) C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Beckz\Downloads\Defogger.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-09] (COMODO)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [2860080 2015-06-02] (Blizzard Entertainment)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Spotify Web Helper] => C:\Users\Beckz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Spotify] => C:\Users\Beckz\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [GoogleChromeAutoLaunch_349381C3921A743EC7E4CD3155ACD016] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-10] (Google Inc.)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {37f5a09d-cedc-11e4-bf08-ac220b78bea7} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {6dc50353-cb03-11e4-bf05-ac220b78bea7} - "E:\SETUP.EXE"
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {fdbfa1bc-4185-11e3-be83-ac220b78bea7} - "L:\LaunchU3.exe" -a
Startup: C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-11-27] ()
Startup: C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2014-03-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2014-03-30] (Oracle Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}: [NameServer] 156.154.70.25,156.154.71.25
FireFox:
========
FF ProfilePath: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> D:\java\bin\plugin2\npjp2.dll [2014-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-01] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-17] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1551654986-3807097994-1316783454-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-17] (Pando Networks)
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\dictcc.xml [2014-01-21]
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\wowhead.xml [2013-12-26]
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\youtube-videosuche.xml [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-05]
Chrome:
=======
CHR Profile: C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
CHR Extension: (YouTube) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
CHR Extension: (Google Search) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (AdBlock) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
CHR Extension: (Google Wallet) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-07]
CHR Extension: (Gmail) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-04] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-09] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-09] (COMODO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-13] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-08] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-21] (Disc Soft Ltd)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-06-01] (NVIDIA Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 22:58 - 2015-06-15 22:58 - 00018977 _____ C:\Users\Beckz\Downloads\FRST.txt
2015-06-15 22:57 - 2015-06-15 22:58 - 00000000 ____D C:\FRST
2015-06-15 22:57 - 2015-06-15 22:57 - 02109952 _____ (Farbar) C:\Users\Beckz\Downloads\FRST64.exe
2015-06-15 22:57 - 2015-06-15 22:57 - 00000472 _____ C:\Users\Beckz\Downloads\defogger_disable.log
2015-06-15 22:57 - 2015-06-15 22:57 - 00000000 _____ C:\Users\Beckz\defogger_reenable
2015-06-15 22:56 - 2015-06-15 22:56 - 00050477 _____ C:\Users\Beckz\Downloads\Defogger.exe
2015-06-14 22:03 - 2015-06-14 22:05 - 81179244 _____ C:\Users\Beckz\Downloads\SpackoDeluxeProduction.mov
2015-06-14 21:31 - 2015-06-14 21:39 - 371449164 _____ C:\Users\Beckz\Downloads\Alex_Julinane_Lied.mov
2015-06-14 21:30 - 2015-06-14 21:30 - 17319145 _____ C:\Users\Beckz\Downloads\Steffi 2.MOV
2015-06-14 21:30 - 2015-06-14 21:30 - 17275693 _____ C:\Users\Beckz\Downloads\Steffi 1.MOV
2015-06-14 21:29 - 2015-06-14 21:29 - 01603605 _____ C:\Users\Beckz\Downloads\Maesi.mp4
2015-06-14 21:28 - 2015-06-14 21:29 - 45734639 _____ C:\Users\Beckz\Downloads\Josef.mov
2015-06-14 21:28 - 2015-06-14 21:28 - 02250189 _____ C:\Users\Beckz\Downloads\Dirko.mp4
2015-06-14 00:09 - 2015-06-14 00:09 - 00000046 _____ C:\WINDOWS\wininit.ini
2015-06-09 19:30 - 2015-06-09 19:30 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 19:30 - 2015-06-09 19:30 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 19:30 - 2015-06-09 19:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 19:30 - 2015-06-09 19:30 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 19:30 - 2015-06-09 19:30 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 19:30 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 19:30 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 19:30 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 19:30 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 19:30 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 14:00 - 2015-06-09 14:00 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2015-06-07 19:52 - 2015-06-15 22:57 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 19:52 - 2015-06-15 22:46 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 19:52 - 2015-06-10 19:58 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 19:52 - 2015-06-07 19:52 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-07 19:52 - 2015-06-07 19:52 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\Users\Beckz\AppData\Local\Google
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-07 19:51 - 2015-06-07 19:51 - 00931408 _____ (Google Inc.) C:\Users\Beckz\Downloads\ChromeSetup.exe
2015-06-07 11:14 - 2015-06-07 11:14 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-03 16:04 - 2015-06-13 23:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 20:39 - 2015-06-01 20:39 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-01 20:37 - 2015-06-01 20:39 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-01 20:37 - 2015-06-01 20:39 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-01 20:37 - 2015-06-01 20:38 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-01 20:37 - 2015-05-28 09:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-01 20:27 - 2015-06-01 20:28 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-01 20:27 - 2015-06-01 20:28 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-01 19:11 - 2015-06-01 19:11 - 00000000 ____D C:\Users\Beckz\AppData\Local\GWX
2015-06-01 14:51 - 2015-06-01 14:51 - 00000000 ____D C:\Users\Gast\AppData\Local\GWX
2015-05-24 15:23 - 2015-06-15 21:57 - 00000000 ____D C:\Users\Beckz\Documents\The Witcher 3
2015-05-24 15:23 - 2015-05-24 15:23 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-05-24 15:23 - 2015-05-24 15:23 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2015-05-24 15:23 - 2015-05-24 15:23 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-05-24 15:23 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-05-24 15:22 - 2015-05-24 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-24 14:07 - 2015-05-24 14:07 - 00000000 ____D C:\Users\Beckz\AppData\Local\openvr
2015-05-20 21:00 - 2015-05-20 21:00 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 21:00 - 2015-05-20 21:00 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 20:37 - 2015-05-20 21:07 - 670563043 _____ C:\Users\Beckz\Downloads\retropie-v3.0beta2-rpi1.img.gz
2015-05-19 20:19 - 2015-05-19 20:19 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-19 20:19 - 2015-05-19 20:19 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 22:57 - 2014-03-23 10:13 - 00342724 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-15 22:57 - 2013-11-01 15:36 - 00000000 ____D C:\Users\Beckz
2015-06-15 22:57 - 2013-11-01 15:34 - 01877851 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-15 22:55 - 2014-02-09 14:47 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-15 22:52 - 2013-09-30 06:14 - 02132518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-15 22:52 - 2013-09-30 05:56 - 01026792 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-15 22:52 - 2013-09-30 05:56 - 00245954 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-15 22:46 - 2014-03-12 23:57 - 00000000 ___RD C:\Users\Beckz\Dropbox
2015-06-15 22:46 - 2014-03-12 23:56 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\Dropbox
2015-06-15 22:46 - 2014-02-26 20:19 - 00000000 ____D C:\Users\Beckz\AppData\Local\Battle.net
2015-06-15 22:46 - 2013-11-27 19:22 - 00000000 ____D C:\Users\Beckz\AppData\Local\Deployment
2015-06-15 22:46 - 2013-11-01 15:46 - 00000000 ___DO C:\Users\Beckz\SkyDrive
2015-06-15 22:46 - 2013-10-30 23:23 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\Spotify
2015-06-15 22:46 - 2013-10-30 23:23 - 00000000 ____D C:\Users\Beckz\AppData\Local\Spotify
2015-06-15 22:45 - 2014-03-28 17:17 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\ClassicShell
2015-06-15 22:45 - 2013-11-01 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-15 22:45 - 2013-09-29 21:04 - 00031604 _____ C:\WINDOWS\PFRO.log
2015-06-15 22:45 - 2013-08-22 16:46 - 00375746 _____ C:\WINDOWS\setupact.log
2015-06-15 22:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-15 22:45 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-15 22:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 22:17 - 2013-11-01 02:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-15 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-15 21:14 - 2013-11-01 15:49 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1BF39C4A-C4D8-45CF-A922-6C4F99F1E3A6}
2015-06-15 21:12 - 2015-03-15 04:14 - 00000000 ____D C:\Users\Beckz\Desktop\Games
2015-06-14 22:12 - 2014-08-17 14:40 - 00000000 ____D C:\Users\Beckz\Documents\my games
2015-06-14 00:49 - 2013-10-30 19:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1551654986-3807097994-1316783454-1002
2015-06-14 00:11 - 2015-03-19 21:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-14 00:11 - 2013-11-01 15:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-14 00:09 - 2014-02-09 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-06-13 23:34 - 2013-10-30 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 23:34 - 2013-08-22 16:44 - 00373232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 23:33 - 2014-12-12 00:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 23:33 - 2014-07-10 00:29 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 23:33 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 23:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 23:30 - 2013-10-30 23:23 - 00002051 _____ C:\Users\Beckz\Desktop\Spotify.lnk
2015-06-13 14:26 - 2013-09-24 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 14:26 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 14:22 - 2013-09-24 13:10 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-09 19:30 - 2013-09-30 06:10 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-09 19:30 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:30 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 19:28 - 2014-04-17 16:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ClassicShell
2015-06-07 11:14 - 2015-02-08 12:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-05 15:36 - 2013-11-14 12:38 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-06-05 15:34 - 2013-11-14 12:38 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-06-05 15:34 - 2013-09-24 11:53 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-06-05 15:34 - 2013-09-24 11:53 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-06-05 15:33 - 2013-09-24 11:53 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-06-05 15:32 - 2013-09-24 11:53 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-06-05 15:31 - 2013-09-24 11:53 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-06-05 15:31 - 2013-09-24 11:53 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-06-04 21:15 - 2013-11-01 02:01 - 00000000 ____D C:\Users\Beckz\AppData\Local\Adobe
2015-06-04 21:14 - 2013-11-01 02:03 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-03 23:04 - 2014-07-02 17:56 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-03 23:04 - 2014-07-02 17:56 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-03 23:04 - 2013-12-17 23:18 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-03 23:04 - 2013-12-17 23:18 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-01 22:31 - 2013-11-06 21:50 - 00001741 _____ C:\Users\Beckz\Desktop\Neues Textdokument.txt
2015-06-01 20:39 - 2014-07-24 20:38 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-01 20:39 - 2013-10-10 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 20:38 - 2014-08-17 18:16 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-01 20:38 - 2014-08-17 18:16 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-01 20:38 - 2013-11-01 15:34 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-01 20:38 - 2013-11-01 15:34 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-01 20:38 - 2013-11-01 15:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-01 20:38 - 2013-10-27 10:12 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-01 20:38 - 2013-10-10 09:35 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-01 20:38 - 2013-10-10 09:35 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-01 20:28 - 2013-10-10 09:35 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-01 14:58 - 2013-10-31 21:25 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-05-28 09:04 - 2013-10-27 10:12 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-05-28 06:15 - 2013-11-01 15:34 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-27 12:48 - 2013-11-01 15:34 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-05-24 15:23 - 2014-04-06 11:05 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\NVIDIA
2015-05-24 15:22 - 2013-09-30 10:50 - 00149954 _____ C:\WINDOWS\DirectX.log
2015-05-21 23:13 - 2014-03-19 21:39 - 00140800 ___SH C:\Users\Beckz\Desktop\Thumbs.db
2015-05-21 18:22 - 2013-11-26 19:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-21 18:22 - 2013-11-26 19:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 23:17 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-20 23:17 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-20 20:57 - 2015-04-07 19:37 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 20:57 - 2015-04-07 19:37 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-20 20:57 - 2013-11-26 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 20:55 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2015-04-29 17:11 - 2015-05-11 23:59 - 0003961 _____ () C:\Users\Beckz\AppData\Roaming\LTspiceIV.ini
2015-03-15 13:13 - 2015-03-15 19:31 - 0000026 _____ () C:\Users\Beckz\AppData\Local\isoworkshop.ini
Some files in TEMP:
====================
C:\Users\Beckz\AppData\Local\Temp\BackupSetup.exe
C:\Users\Beckz\AppData\Local\Temp\bitool.dll
C:\Users\Beckz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppvwjhn.dll
C:\Users\Beckz\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Beckz\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Beckz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Beckz\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Beckz\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Beckz\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Beckz\AppData\Local\Temp\nvStInst.exe
C:\Users\Beckz\AppData\Local\Temp\sdan.exe
C:\Users\Beckz\AppData\Local\Temp\sdapk.exe
C:\Users\Beckz\AppData\Local\Temp\sdaspwn.exe
C:\Users\Beckz\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Beckz\AppData\Local\Temp\tmnationsforever_setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 19:42
==================== End of log ============================
|
|
16.06.2015, 05:31
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
16.06.2015, 16:31
| #3 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache sorry, hier die Logs - ich weiß leider nicht, warum die so lang sind
__________________ Addition 1 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Beckz at 2015-06-15 22:58:29
Running from C:\Users\Beckz\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1551654986-3807097994-1316783454-500 - Administrator - Disabled)
Beckz (S-1-5-21-1551654986-3807097994-1316783454-1002 - Administrator - Enabled) => C:\Users\Beckz
Gast (S-1-5-21-1551654986-3807097994-1316783454-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1551654986-3807097994-1316783454-1006 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
Curse Client (HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.840 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo (HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Diablo) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
ISO Workshop 5.8 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 6.0.3.20 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.0.3.20 - Simulationcraft)
Spotify (HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.51 - UNKNOWN)
Warcraft Logs Uploader (x32 Version: 3.51 - UNKNOWN) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1551654986-3807097994-1316783454-1002_Classes\CLSID\{fd9ae335-9cda-438b-8a64-281216fc96d3}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
==================== Restore Points =========================
10-06-2015 23:51:23 Windows Update
14-06-2015 00:08:47 Removed GeekBuddy.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0137F9BF-FC31-4A85-8366-2981E45DF4BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-20] (Microsoft Corporation)
Task: {04671508-7B92-4320-ABFB-2FF88157ED70} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-16] (Microsoft Corporation)
Task: {0569D654-DA29-4A65-B38E-72428823E5A5} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {17BF1745-B5D6-4B75-B93D-9C733A820B84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
Task: {258327A3-953C-4DD1-85EC-B549B8C91B0B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {27A37885-B61F-4922-9F7A-A5024C362C07} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3EAC4D96-CD60-48EC-B7CC-630B55CF7F64} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-13] (Microsoft Corporation)
Task: {4073DCAB-AA33-4750-A883-F7DD722467F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4D159BF4-A21F-4EFF-AAF0-65523A646A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {4E062F5E-B647-4FE6-97F5-3EF14B45DE11} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-09] (COMODO)
Task: {51A2D890-63A8-44CC-BD60-AC46DE8D025E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {63530F60-BD4B-4F6E-B7A8-096771B00C30} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {732B1A76-D908-4CC2-84F0-FF268499F80A} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {78434DA7-C3EF-46A0-A622-11AF8682AF08} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {80A832C0-D36C-491F-9AAC-2AA9955AFEEB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {93DD9FCD-B466-4244-B8BA-B557C4431DCA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {A58BB037-A5BE-4401-ADD4-D92298EC5978} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-20] (Microsoft Corporation)
Task: {ABD16DB0-7E01-4735-8668-96180695A0EF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-20] (Microsoft Corporation)
Task: {B2FBE55E-2825-4F91-AFD7-A53A6D7E4E1B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-20] (Microsoft Corporation)
Task: {C490665A-6899-40A7-A495-39448E09041E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-09] (COMODO)
Task: {CBA4B3DC-738D-4774-B97D-66D88C5798D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {E32C2081-8FAB-43B2-A204-98FD6635C107} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-07] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-11-01 15:34 - 2015-05-28 06:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-01 15:34 - 2012-10-30 00:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2013-10-31 21:26 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-06-13 14:21 - 2015-06-13 14:21 - 00016384 ____N () C:\Users\Beckz\AppData\Local\Apps\2.0\5VZ0RZCQ.DEW\VNCZ4Z6B.RZ1\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62c0f9ec26c\Curse.CurseClient.WowDb.dll
2013-11-27 19:23 - 2013-11-27 19:23 - 00035840 _____ () C:\Users\Beckz\AppData\Local\Apps\2.0\5VZ0RZCQ.DEW\VNCZ4Z6B.RZ1\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62c0f9ec26c\Curse.Advertising.dll
2015-06-13 14:21 - 2015-06-13 14:21 - 00099840 ____N () C:\Users\Beckz\AppData\Local\Apps\2.0\5VZ0RZCQ.DEW\VNCZ4Z6B.RZ1\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62c0f9ec26c\Curse.CurseClient.CMOD2.dll
2015-06-15 22:56 - 2015-06-15 22:56 - 00050477 _____ () C:\Users\Beckz\Downloads\Defogger.exe
2013-11-01 15:34 - 2015-06-15 22:45 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-11-01 15:34 - 2012-05-08 09:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-06-01 20:28 - 2015-06-03 23:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-10 19:58 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 19:58 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-15 22:46 - 2015-06-15 22:46 - 00043008 _____ () c:\users\beckz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppvwjhn.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Beckz\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Beckz\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Beckz\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Beckz\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
Code:
ATTFilter ==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\DiabUnin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435306.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435306.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvmctray.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvmcumd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
Geändert von Beckz (16.06.2015 um 16:47 Uhr) |
|
16.06.2015, 16:32
| #4 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Addition 3 Code:
ATTFilter AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID
|
|
16.06.2015, 16:33
| #5 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Addition 4 Code:
ATTFilter AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VClone.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WSDScan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Beckz\Desktop\38969667.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\AdbeRdr11010_de_DE.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\AdbeRdr11010_de_DE.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\AdobeAIRInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\AdobeAIRInstaller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Alex_Julinane_Lied.mov:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\aP456WG_460s_v1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\beckz30.zip:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\beckz30.zip:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\blobby2-win32-1.0-installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\dff_bimh_product-image05.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\dff_bimh_product-image05.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Dirko.mp4:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_StarCraft_Combo_enGB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enGB.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enGB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\DTLite501-0406.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\DTLite501-0406.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\FRITZ_Box-Fernzugang_einrichten.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\FRITZ_Box-Fernzugang_einrichten.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\ipxwrapper-0.5.0.zip:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\ipxwrapper-0.5.0.zip:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\ISO Workshop - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\ISO Workshop - CHIP-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Josef.mov:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\ltspiceiv.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\ltspiceiv.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Maesi.mp4:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\MicrosoftFixit.HomeGroup.Run.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\MicrosoftFixit.HomeGroup.Run.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\OFFICE12.zip:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\OFFICE12.zip:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\quake³.zip:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\quake³.zip:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\retropie-v3.0beta2-rpi1.img.gz:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\retropie-v3.0beta2-rpi1.img.gz:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\SpackoDeluxeProduction.mov:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Steffi 1.MOV:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Steffi 2.MOV:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\TrackMania-Nations-Forever-lnstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\TrackMania-Nations-Forever-lnstall.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\UnrealTournament.zip:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\UnrealTournament.zip:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\Virtual CloneDrive - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\Virtual CloneDrive - CHIP-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Downloads\warcraftlogs.air:$CmdTcID
AlternateDataStreams: C:\Users\Beckz\Downloads\warcraftlogs.air:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Documents\76700084.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Beckz\Documents\picdump-15-02-27-124.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Gast\Downloads\Begrüßung_ElsterOnline1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Gast\Downloads\Begrüßung_ElsterOnline1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Gast\Downloads\Girokonto_5407163839_Kontoauszug_20150201.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Gast\Downloads\Tatjana1_elster_07.02.2015.pfx:$CmdTcID
AlternateDataStreams: C:\Users\Gast\Downloads\Tatjana1_elster_07.02.2015.pfx:$CmdZnID
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beckz\AppData\Local\Microsoft\Windows\Themes\Nightfall\DesktopBackground\nightfall_starlight_panoramic6.jpg
DNS Servers: 156.154.70.25 - 156.154.71.25
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{04709BD5-3EF0-44F7-B726-80E9E8CCEFE9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{2FD1F160-C884-4BC1-8E5F-770E48E7360C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [UDP Query User{19E391A4-9F22-4465-A3DD-882C2A1530EC}C:\users\beckz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\beckz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BE5A2454-EE51-4574-A07B-A784AF99E7E9}C:\users\beckz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\beckz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A866D80A-EF85-4446-8657-94DC5FC1E11A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{A93B7041-331C-4AD6-8CC9-C4942DB88D75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{4087C151-C50E-42CD-A10A-5F60C6049793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{1D6B1BD5-B36E-463C-99F8-ADEF3D33D94F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{23614A49-88A6-4A9B-AD14-A318AD160A4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FB12E20-4D04-4C41-8059-D75813D1CCB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{36458F26-9340-47CD-A253-7478D08E7BDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CDDC6586-6A8A-4A24-B86A-941FD19CE9C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{24C13A68-9C3B-4E28-A628-08CB173FAF29}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{33AE673F-242C-4807-B9D0-8BB085D737A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{39B9A17F-E1FA-4EAE-984C-1A3F2B467EA1}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6280721D-CE22-4ADF-B885-1A1D1EB69865}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FAF2C1ED-9445-4177-AF3F-A38E28DF1E3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{326473A2-0590-418D-B7AA-B14D4BEB9F6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7703CFC-AC95-4949-A55E-49F18062E730}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C36C4CB7-9FDB-4683-9AE2-097CE8990C39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{072E65BA-8792-4834-86FD-6FBBFBBF9F29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{928D2408-7769-4699-BBE6-A2CB60F9E844}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [{02649F09-5FDA-4AC7-A43A-0C7A4F93662E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82A329EB-4791-4446-BEF3-E0EA871FED42}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{243205D1-3CF9-4A75-BB0E-AEEF1A2FB49D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C0B7C93B-22AC-4738-B212-8780A6461A3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5828D545-FEB2-4224-9D16-96528BFB6D21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0C340D14-57A7-40B0-8AA3-BB23438D345D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB867EA1-1FE8-4F4D-BBE6-EBCCFFC7F8A8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B598C1A-7F3A-4493-9314-353206110DEE}] => (Allow) LPort=2869
FirewallRules: [{D89E4A76-1B82-4930-B83C-BB3A4851951B}] => (Allow) LPort=1900
FirewallRules: [{6D332195-2E69-4F24-93A9-EC546C635C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{5477E2ED-12E0-484B-9AFD-8EB5D8247B75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{D420841D-B4C8-40FE-BBB9-96E2BFC6D561}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{68B81606-524A-420B-8A79-2FC60F3E2926}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{3ECC5CF2-6682-44D7-9D5D-C04CADEFDAE4}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{FBBD7A9A-8E00-4CD9-94E9-0F7099395FAE}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{9FAD41C7-1512-45CD-BF73-783CFDEEB6D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{8428C253-6F12-4094-B747-8BB8B7B1EFD0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A8364F28-2A1A-4031-8596-6D6ADDC73078}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{CC03F2E0-BDFC-42BC-B6E4-22D5D921C1FA}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{FCCD42AD-51FD-45F4-84D1-9964E76BE5FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{9B6EDEB4-76A1-4290-BB1E-19A116A8C9A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F519811A-3FBC-467B-9DD7-41A6205EA4C1}] => (Allow) C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5BEBFD72-A438-4979-977D-CBC04527F24A}] => (Allow) C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{68B938E5-E054-40B6-B03B-155921E3E611}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{22E42D2E-8633-47C5-8539-3C7E73619B10}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{3EEE065D-3601-4496-A276-1D24EBFD84D1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{96841C20-2C4B-4372-AA64-B1678ABF0FD8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{5E4CEB34-20C7-40E7-A954-FB60B012AC7D}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe
FirewallRules: [UDP Query User{1EA74308-CF90-4A9C-AA53-24CD9895F33C}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe
FirewallRules: [{34BC9DA8-9EE9-4F77-B6DF-A2001302307F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{A47D7D86-3DEB-4168-B33C-C9347A1CCA2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{FD59773F-9699-4840-9DE3-5A56CEAEB759}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{B3F1B476-476D-4F9A-A6AF-0B31DE31A59C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [TCP Query User{19175ACE-7242-4607-A656-35BB8E4D26D0}C:\users\beckz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\beckz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{43EDC25A-9F1C-4BAC-99B0-15113F01CD4F}C:\users\beckz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\beckz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CF109398-CB2C-47BF-80E0-7A096CAE46CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{5E1EC668-D4F4-47BF-9DA2-BFD9BCAADEF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{860F1027-1C77-49C6-ACC8-3DF5D947AE2F}] => (Allow) E:\fsetup.exe
FirewallRules: [{2850F5C0-78E1-45E0-847B-D3F6812F81E8}] => (Allow) E:\fsetup.exe
FirewallRules: [{60576064-07B6-4A77-AFE2-F122F9A714DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{BBD86E76-EBCC-4451-96F8-4B6EA6F45B54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{1C5899AE-4930-4B81-850E-BDCD97DCA06B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{7F9136AE-7C18-472B-9EDF-CCE6270DB1BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D2C55849-E17D-485D-AC42-A18ACA8367B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{DB30F483-3352-4B8D-AB8D-D1A291FF3A25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{EBA2062B-B025-4762-8E29-B9DB25B708CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{526E8528-BF4C-4D1F-B127-2E2660D60A64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{44066792-8B9A-4371-AEE1-390E241BF180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{521DB84C-074F-4D25-9540-025A5E8A36EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{EAD027CC-DC94-4F65-ABAC-CBD9D83EB7F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{913795A9-13D7-4F6D-B1DF-A3A108439EF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [TCP Query User{63BBFF97-F994-4BEF-A2B4-20D5BA99591E}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{85BDADEC-2B1D-47D3-8922-2D569B85713C}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7B4D385D-8E83-4453-8DFE-D3F4CA6FE94C}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{41623338-8BAD-4C9B-981A-2BEB0AB68F7E}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [{BB56C11E-5572-43D2-84D2-2316BC82725F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0D8FEED9-F757-457B-A9FA-5FA721987A7B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{38795911-091E-4DEF-8AF6-AB53386ED1F0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{2828CF63-3215-49AC-AF08-55BFF47E28D7}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{11E5F7B4-065A-4CF5-9A80-C6E790568889}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{94263AB4-41B8-4404-A612-41841D0EDFF2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B2E40D94-1965-4D77-9AB9-2B998C7C97C5}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B519AA21-86F0-4356-9880-9DF749FA9432}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F56A528B-7373-4594-8260-41709F9F4990}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8C29D301-32F0-466E-BA02-C5D1F6296A8F}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6DECF9B0-344B-48CB-84C2-4E1AFC8C6639}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{FE71E30B-9FDB-492A-AE5A-A21B2CD43F72}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [UDP Query User{5B245458-8DF1-4ACC-81E5-B323A81847D6}C:\programdata\battle.net\agent\agent.3286\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3286\agent.exe
FirewallRules: [{FB208CAB-80D0-40AD-A221-77E167E526F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{8557A1C4-A08B-44FD-9D0B-9DA187EDCA3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{20B059D3-FAB7-4008-B05B-45525840AAB9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{CE980F7E-1424-48E9-BC24-6915CC538BBB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{57EA1C0E-B402-46D2-8391-F7149D72D608}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{D6859A62-2304-4FAE-A15E-4F76D52819D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{ECA9BD61-DEF5-4830-91DF-98072C473341}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{B509B1B8-A2B1-41C2-B3D5-8BE34FC78990}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{59D27A72-6897-4FF0-B053-3EF67B703115}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{FDF22774-D4FD-4830-85DD-AB0C60D2001A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{8BEEB2EF-9E3A-4349-9835-36B7CCE734A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{D8EDB2A4-5D23-43C8-999C-C933D7B98E3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{309312F5-EAA4-4F23-B311-7BD99445E13F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{41349598-EDD9-4BD0-BABA-90510807F9EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{BD7FAF5F-9406-4ECE-82BA-F5F4559B57B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{229AB10A-F68B-472A-90A5-D488B51F04CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{951E1659-A2A9-45CF-9280-154DDF2647F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{627652E6-6819-42EB-8E87-EA33EC3F25D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{0C1D8C58-D211-4B18-BF36-71F843BF5E2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{9718B282-68BB-4FD4-96B7-8DEC850FF593}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{F431F5B2-E94B-4A30-830A-8B17A9C7CAF6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{20DAD843-F229-4C8A-A078-F4EF63649E17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{07955CA7-92DC-4F8C-B9E0-E31309FD121D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{E5C8CBEA-4B5F-4DA2-A917-B3A37E921059}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{A212878A-90A8-495D-B919-0C791825C7D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{79BD6C10-54E8-4BE5-B405-9F04A3ADB386}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{D25BEC3F-8F67-491C-90A2-111C2D28DB14}C:\users\beckz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beckz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8C307FB1-960A-45DE-B7F6-E25C583BBE71}C:\users\beckz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\beckz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B022017A-80FE-4D3F-A1A4-8B08C7195CF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{C3F338E2-0881-46BB-A163-05B2556DA84B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{43A5621E-2915-4C82-82EA-2E33741BF9E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{D09EDED5-0E0B-47D3-941E-4FDB7CE35C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{CA85CFDA-BA9F-4DF5-84FD-4B7770BB3BE8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7446130E-1C25-40DC-8BA9-BF2993FBAF47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46E4ECDD-FA61-4AC8-8CE8-90699ED757F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{94ADB30C-5B9F-4D1F-9B47-0302251203FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C10C41B2-33B8-4B20-9631-4199A12E1305}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{C24E7280-B08F-4A2C-A350-64B82A09EF85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{56BF073F-9B6E-43A8-8907-C855CDED2BF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{3173F131-22F6-46ED-8D81-8EF08B53EAFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{F3BAC21B-C1D0-44F7-A71F-BBF42F89DF15}C:\users\beckz\downloads\downloader_starcraft_combo_engb.exe] => (Allow) C:\users\beckz\downloads\downloader_starcraft_combo_engb.exe
FirewallRules: [UDP Query User{5CDD4816-F5B8-4751-A289-D79CEBD0E585}C:\users\beckz\downloads\downloader_starcraft_combo_engb.exe] => (Allow) C:\users\beckz\downloads\downloader_starcraft_combo_engb.exe
FirewallRules: [TCP Query User{0C249610-3371-43C8-933D-DDA610CA2988}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2BB5AFE9-48D7-42C2-8A4C-65D0CD8CEE20}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{837C3CD3-3CFA-4594-90A9-D46DD4F2F6FF}C:\users\beckz\downloads\downloader_warcraft3_reign_of_chaos_engb.exe] => (Allow) C:\users\beckz\downloads\downloader_warcraft3_reign_of_chaos_engb.exe
FirewallRules: [UDP Query User{2F6884C7-BF0E-481D-9470-24EEFB68D457}C:\users\beckz\downloads\downloader_warcraft3_reign_of_chaos_engb.exe] => (Allow) C:\users\beckz\downloads\downloader_warcraft3_reign_of_chaos_engb.exe
FirewallRules: [TCP Query User{3237BFE4-FBB5-4FB0-B2BB-505CBC9213D1}C:\users\beckz\downloads\downloader_warcraft3_the_frozen_throne_engb(1).exe] => (Allow) C:\users\beckz\downloads\downloader_warcraft3_the_frozen_throne_engb(1).exe
FirewallRules: [UDP Query User{70B5EBD2-9213-43BD-BABF-1102ED50C316}C:\users\beckz\downloads\downloader_warcraft3_the_frozen_throne_engb(1).exe] => (Allow) C:\users\beckz\downloads\downloader_warcraft3_the_frozen_throne_engb(1).exe
FirewallRules: [TCP Query User{38B24DF8-C6D9-4FC9-8DC0-7AA940FAACF8}D:\warcraft iii\war3.exe] => (Allow) D:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{1CE9466C-45D6-45E1-8832-2E1B4A9A34DF}D:\warcraft iii\war3.exe] => (Allow) D:\warcraft iii\war3.exe
FirewallRules: [TCP Query User{E8A204E0-4C9E-439C-AD07-5645BCB092DD}D:\unrealtournament\system\unrealtournament.exe] => (Allow) D:\unrealtournament\system\unrealtournament.exe
FirewallRules: [UDP Query User{E01C745D-563F-48D7-8E93-B0DC28DA6A65}D:\unrealtournament\system\unrealtournament.exe] => (Allow) D:\unrealtournament\system\unrealtournament.exe
FirewallRules: [TCP Query User{FA99AC19-CF86-4CFD-B044-CD5BF05AAD51}D:\age of empires\empires.exe] => (Allow) D:\age of empires\empires.exe
FirewallRules: [UDP Query User{23871EB8-1F55-4F67-B5FE-72A447FADA4D}D:\age of empires\empires.exe] => (Allow) D:\age of empires\empires.exe
FirewallRules: [TCP Query User{E22D9232-C031-45FC-B43A-D668DA79CDE8}D:\tmnationsforever\tmforever.exe] => (Allow) D:\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{C6C05B5B-576C-4DD8-9A69-E04878E8F804}D:\tmnationsforever\tmforever.exe] => (Allow) D:\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{1A51B2F6-E0A6-4E84-BECD-D2712BFBCFEA}D:\starcraft\starcraft.exe] => (Allow) D:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{50FE553E-848C-4588-B532-7594D28095F8}D:\starcraft\starcraft.exe] => (Allow) D:\starcraft\starcraft.exe
FirewallRules: [TCP Query User{C09A39ED-7F2E-442C-82D5-2735127E1E19}D:\diablo\diablo.exe] => (Allow) D:\diablo\diablo.exe
FirewallRules: [UDP Query User{B8253A3B-FB5F-4D2C-847C-7EA52D8655B1}D:\diablo\diablo.exe] => (Allow) D:\diablo\diablo.exe
FirewallRules: [{18448BA9-4D55-44CC-9CE9-04563296FB9B}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{2D79B2CD-4AE4-4B5F-ADB0-22D190A83E16}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{F3EA509B-9FE1-457C-BDAB-6F0F2FB1AA05}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{43D12523-171E-4E18-801F-89B46FF6AA43}D:\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{83D84828-EF21-40E2-8C05-278A6A5B9E8C}D:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) D:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{F2909E42-4FDF-4E04-BA80-EBB3EA1CB443}D:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) D:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{8F24D5FC-A704-4FF7-8BF5-5084BAA4F579}D:\quake³\quake3.exe] => (Allow) D:\quake³\quake3.exe
FirewallRules: [UDP Query User{06A24311-A7E5-4ED9-B474-8E35779D4892}D:\quake³\quake3.exe] => (Allow) D:\quake³\quake3.exe
FirewallRules: [TCP Query User{A7801A31-4FC8-447A-9E3E-FD060DB34284}D:\blobby volley 2 version 1.0\blobby.exe] => (Allow) D:\blobby volley 2 version 1.0\blobby.exe
FirewallRules: [UDP Query User{AA569BB2-B80D-416F-B368-6F889124095F}D:\blobby volley 2 version 1.0\blobby.exe] => (Allow) D:\blobby volley 2 version 1.0\blobby.exe
FirewallRules: [TCP Query User{B6756D0E-76C0-4908-8905-0D19EEC05056}D:\unrealtournament\system\tacticalops.exe] => (Allow) D:\unrealtournament\system\tacticalops.exe
FirewallRules: [UDP Query User{D5183084-D8FA-455C-816E-EF605F679429}D:\unrealtournament\system\tacticalops.exe] => (Allow) D:\unrealtournament\system\tacticalops.exe
FirewallRules: [{0943D17B-3163-4E00-9D17-AC4EB6CFA176}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{851600B4-85AB-49DB-AE50-F203C4AABAA3}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{A8BC5887-E235-46A7-974E-2DB5FCFCEAB0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{678E68C9-0C58-4A71-AD95-802B4F12F172}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{9E4F61B7-CB90-47C6-A1DC-A1C8AEB6D473}] => (Allow) D:\Ageof Empires 2\age2_x1\age2_x2.exe
FirewallRules: [{8EE76D2B-87B3-4DA4-82CF-1F0BFD080A27}] => (Allow) D:\Ageof Empires 2\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{81FD5FD7-FE6E-4216-BE6F-0191E08FEE42}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E229CBED-FB62-429D-8E44-D35172C54FE0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{71544C33-8A0B-45AD-9C68-85D79C7907B8}] => (Allow) D:\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{554E26B8-A07D-4BD1-8AB7-263E0EC5B119}] => (Allow) D:\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{2E1811D9-9A2C-46D8-A66F-BA485B255A5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD4F3C66-D72F-4044-AFF3-2105E9A0CF82}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{A584A389-1361-47C1-A33E-53ABFF7E8A5B}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{A3BF4063-AD5C-40EE-AC41-96EFED4B7A13}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{06818C13-E02A-4C6F-B011-670D8944FBE5}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{DBFE2AF8-D008-4FBF-93D3-14987A8E0366}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A8B74BEB-B436-4335-93DC-D66C636D856C}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1663CC53-006A-4953-BC98-223513F06E7A}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{BDD392A9-63A6-498D-8BA4-65BDA5C869C3}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (06/15/2015 10:12:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
Error: (06/14/2015 10:27:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (06/14/2015 10:27:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (06/14/2015 10:27:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
Error: (06/14/2015 10:27:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
System errors:
=============
Error: (06/15/2015 10:45:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/13/2015 11:34:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/10/2015 11:51:39 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
Error: (06/10/2015 11:51:38 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (06/10/2015 11:51:38 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (06/10/2015 11:51:38 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (06/10/2015 11:51:38 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (06/10/2015 11:51:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/09/2015 11:46:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/09/2015 07:27:42 PM) (Source: DCOM) (EventID: 10016) (User: chris)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}chrisGastS-1-5-21-1551654986-3807097994-1316783454-501LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office:
=========================
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (06/15/2015 10:12:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (06/15/2015 10:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
Error: (06/14/2015 10:27:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
Error: (06/14/2015 10:27:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (06/14/2015 10:27:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
Error: (06/14/2015 10:27:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
CodeIntegrity Errors:
===================================
Date: 2015-06-15 22:56:46.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-15 22:28:33.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-14 00:50:45.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-14 00:08:46.337
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 23:52:52.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 23:35:41.337
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 23:27:43.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 22:07:02.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 20:18:15.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-13 14:21:50.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8130.73 MB
Available physical RAM: 6065.51 MB
Total Pagefile: 10114.73 MB
Available Pagefile: 7430.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:96.35 GB) (Free:40.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:731.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 59BC78EA)
Partition 1: (Active) - (Size=454 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A4B88719)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of log ============================
|
|
16.06.2015, 16:37
| #6 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 1 Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-15 23:14:14
Windows 6.2.9200 x64
Running: Gmer-19357.exe
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x51 0x9E 0xB4 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xC9 0x0A 0x54 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 150
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM57A4102TPWQ1U481_02_07DB_A2+GSM57A4102TPAE1U480_02_07DB_C6^BAA0D93C4373EB28E12FE9C482B9F402@Timestamp 0x94 0x2B 0x2F 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 792
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B4660879-FD0A-4D03-B6A6-9C56BF90518C}\Connection@Name isatap.fritz.box
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Canon BJNP Port\Ports@SearchOrder 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Canon BJNP Port\Ports\CNBJNP_180CACCBF924
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Canon BJNP Port\Ports\CNBJNP_180CACCBF924@TargetAddress 464693440
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Canon BJNP Port\Ports\CNBJNP_180CACCBF924@TargetMAC 18-0C-AC-CB-F9-24
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Canon BJNP Port\Ports\CNBJNP_180CACCBF924@TargetPort 8611
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\PrintConfig.dll?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\PrintConfig.dll?\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Bu_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Beckz\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\User
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521751
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 2032053062
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 153
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 445238326
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 9300
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 8567
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 4a3e7a03-d571-4311-ac89-74864d5
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\RAC_PS@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\acpiex\Parameters\Wdf@TimeOfLastSqmLog 0x91 0x38 0x2A 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0xA0 0xF2 0x26 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0xAF 0x7E 0xF2 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{73cbaf5b-d5f6-4c1f-a7cd-6026d7266f3f}@LastProbeTime 1434238460
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0@Type 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0@GUID 0x67 0xD1 0x90 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0@Data0 0x32 0x00 0x45 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0@DataType0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0xE6 0xF3 0x07 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0x37 0x2B 0x60 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B4660879-FD0A-4D03-B6A6-9C56BF90518C}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B4660879-FD0A-4D03-B6A6-9C56BF90518C}@DefunctTimestamp 0x63 0x23 0x7F 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-31-c4-45-ba-13@AddressCreationTimestamp 0x98 0xB7 0x8F 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-31-c4-45-ba-13@ClientLocalPort 60828
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-31-c4-45-ba-13@TeredoAddress 2001:0:5ef5:79fd:2068:1263:b1dd:5edc
Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0x88 0x27 0x2B 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastSqmLog 0xFE 0xC1 0x33 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0x37 0x2B 0x60 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\nsi@RequiredPrivileges SeCreateGlobalPrivilege?SeImpersonatePrivilege?
Reg HKLM\SYSTEM\CurrentControlSet\Services\nsi\Parameters@ServiceDll %systemroot%\system32\nsisvc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\nsi
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x3C 0x16 0x66 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Point64\Parameters\Wdf@TimeOfLastSqmLog 0xE4 0xBD 0x1D 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 19067
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4020
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 152
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}@LeaseObtainedTime 1434395497
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}@T1 1434827497
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}@T2 1435151497
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}@LeaseTerminatesTime 1435259497
Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0x9E 0x57 0xEB 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0xAF 0x7E 0xF2 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UmPass\Parameters\Wdf@TimeOfLastSqmLog 0xFD 0x0D 0xDD 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x48 0x5B 0x78 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x50 0x1B 0x0F 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastSqmLog 0x9B 0x99 0x4B 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.html
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.html@ htmlfile
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.jpg
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.jpg@ jpegfile
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.mp3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.mp3@ WMP11.AssocFile.MP3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.mp4
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.mp4@ WMP11.AssocFile.MP4
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.pdf
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.png
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\.png@ pngfile
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\CLSID
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Directory
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Directory@ File Folder
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML@ Firefox HTML Document
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML\shell
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML\shell@ open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML\shell\open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML\shell\open\command
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxHTML\shell\open\command@ "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL@ Firefox URL
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell@ open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell\open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell\open\command
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell\open\command@ "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP@ URL:HyperText Transfer Protocol
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\DefaultIcon
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\DefaultIcon@ C:\Windows\System32\url.dll,0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\shell
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\shell@ open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\shell\open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\shell\open\command
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTP\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" %1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS@ URL:HyperText Transfer Protocol with Privacy
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\DefaultIcon
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\DefaultIcon@ C:\Windows\System32\url.dll,0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\shell
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\shell@ open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\shell\open
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\shell\open\command
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\HTTPS\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" %1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\lnkfile
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\lnkfile@ Shortcut
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\MIME
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\MIME\Database
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\PROTOCOLS
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}@0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}@ SQLOLEDB
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}@OLEDB_SERVICES -1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ExtendedErrors
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ExtendedErrors@ Extended Error Service
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ExtendedErrors\{C0932C62-38E5-11d0-97AB-00C04FC2AD98}
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ExtendedErrors\{C0932C62-38E5-11d0-97AB-00C04FC2AD98}@ SQLOLEDB Error Lookup
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\Implemented Categories
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\Implemented Categories\{D267E19A-0B97-11D2-BB1C-00C04FC9B532}
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\InprocServer32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\InprocServer32@ %CommonProgramFiles%\System\Ole DB\sqloledb.dll
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\InprocServer32@ThreadingModel Both
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\OLE DB Provider
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\OLE DB Provider@ Microsoft OLE DB Provider for SQL Server
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ProgID
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\ProgID@ SQLOLEDB.1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\VersionIndependentProgID
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{36553F35-CFD9-19CA-E12D-943143F5B821}\VersionIndependentProgID@ SQLOLEDB
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}@ DirectSound Audio Renderer
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk@Num 22
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.arabic.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0@Name ??????? - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0@LANGID 1025
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\0@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.brazilian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1@Name Portugu?s (Brasil) - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1@LANGID 1046
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\1@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.german.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10@Name Deutsch - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10@LANGID 1031
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\10@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.greek.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11@Name E??????? - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11@LANGID 1032
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\11@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.hungarian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12@Name Magyar - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12@LANGID 1038
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\12@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.italian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13@Name Italiano - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13@LANGID 1040
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\13@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.persian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14@Name ????? - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14@LANGID 1065
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\14@RTL 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.polish.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15@Name Polski - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15@LANGID 1045
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\15@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.russian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16@Name ???????
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16@LANGID 1049
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\16@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.serbian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17@Name ?????? - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17@LANGID 3098
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\17@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.spanish.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18@Name Espa?ol - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18@LANGID 1034
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\18@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.swedish.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19@Name Svenska - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19@LANGID 1053
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\19@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.bulgarian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2@Name ????????? - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2@LANGID 1026
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\2@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.turkish.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20@Name T?rk?e - By COMODO
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20@LANGID 1055
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\20@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.ukrainian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21@Name ?????????? ? By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21@LANGID 1058
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\21@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.chinese.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3@Name ???? (??)
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3@LANGID 2052
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\3@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.chinesetraditional.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4@Name ???? - by Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4@LANGID 1028
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\4@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.croatian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5@Name Hrvatski (Croatian) - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5@LANGID 1050
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\5@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.czech.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6@Name ?e?tina (Czech) - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6@LANGID 1029
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\6@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.dutch.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7@Name Nederlands - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7@LANGID 1043
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\7@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.estonian.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8@Name Eesti keel - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8@LANGID 1061
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\8@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9@Path C:\Program Files\COMODO\COMODO Internet Security\translations\virtkiosk.french.lang
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9@Name Fran?ais - By Community
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9@Help
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9@LANGID 1036
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\CIS\Options\Langs.virtkiosk\9@RTL 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceCurrent
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceCurrent@ 4
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@Start 3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@DisplayName @%systemroot%\system32\appinfo.dll,-101
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Appinfo\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@Type 16
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@ImagePath "C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe"
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@DisplayName COMODO LPS Launcher
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CLPSLauncher\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@ImagePath %SystemRoot%\system32\svchost.exe -k DcomLaunch
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@DisplayName DCOM Server Process Launcher
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DcomLaunch\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@DisplayName @gpapi.dll,-112
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gpsvc\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@Start 3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@ImagePath %SystemRoot%\system32\msiexec.exe /V
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@DisplayName Windows Installer
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIServer\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi
|
|
16.06.2015, 16:38
| #7 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 2 Code:
ATTFilter Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@ImagePath %SystemRoot%\system32\svchost.exe -k LocalService
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@DisplayName @nsisvc.dll,-200
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nsi\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@ImagePath %SystemRoot%\system32\svchost.exe -k rpcss
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@DisplayName RPC Endpoint Mapper
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper@ObjectName NT AUTHORITY\NetworkService
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcEptMapper\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@Start 2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@ImagePath %SystemRoot%\system32\svchost.exe -k rpcss
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@DisplayName Remote Procedure Call (RPC)
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs@ObjectName NT AUTHORITY\NetworkService
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@Type 32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@Start 3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@ErrorControl 1
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@ImagePath %SystemRoot%\servicing\TrustedInstaller.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@DisplayName @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller@ObjectName LocalSystem
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller\Security
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Comodo\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\shutdown
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\shutdown@ReasonCode 327935
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Policies
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Policies\Microsoft
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node@
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Aureal
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Aureal\A3D
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Aureal\A3D@SplashScreen 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Aureal\A3D@Splashaudio 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Blizzard Entertainment
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Blizzard Entertainment\Starcraft
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Blizzard Entertainment\Starcraft@InstallPath D:\StarCraft\
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Blizzard Entertainment\Starcraft@GamePath D:\StarCraft\Starcraft.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Blizzard Entertainment\Starcraft@UninstallPath C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Licenses
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Licenses@{K7C0DB872A3F777C0} 0x5A 0xD3 0xA2 0xB2 ...
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Licenses@{I8F7D82CFC5BF5E4C} 0x04 0x00 0x00 0x00
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication@Name UnrealTournament.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Fix.age2_x2.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication@Name UnrealTournament.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication@ID 972445616
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Games
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0@Processor Speed 3193
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0@Custom Mouse 0
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters@TrapPollTimeMilliSecs 15000
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\tapi32
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft@DisplayIcon D:\StarCraft\Starcraft.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft@DisplayName StarCraft
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft@UninstallString C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StarCraft@Publisher Blizzard Entertainment
Reg HKLM\SYSTEM\VritualRoot\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting
Reg HKLM\SYSTEM\VritualRoot\USER\S-1-5-21-1551654986-3807097994-1316783454-1002\Software\Blizzard Entertainment\Downloader\68067259C0CE61B291898434150EC7221742E88F
Reg HKLM\SYSTEM\VritualRoot\USER\S-1-5-21-1551654986-3807097994-1316783454-1002\Software\Blizzard Entertainment\Downloader\68067259C0CE61B291898434150EC7221742E88F@Path
Reg HKLM\SYSTEM\VritualRoot\USER\S-1-5-21-1551654986-3807097994-1316783454-1002\Software\Microsoft\Multimedia\WaveOwner@RemoteWaveWindow
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 563
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent@ColorSet_Version3 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent@StartColor -14869219
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent@AccentColor -498688
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent@MotionAccentId_v1.00 219
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\NoRoam
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\NoRoam@UseCustomColorSet 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Start_SearchFiles 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ServerAdminUI 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Hidden 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowCompColor 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@DontPrettyPath 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowInfoTip 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideIcons 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@MapNetDrvBtn 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@WebView 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Filter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowSuperHidden 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@SeparateProcess 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@AutoCheckSelect 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@IconsOnly 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowTypeOverlay 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowStatusBar 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ListviewAlphaSelect 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ListviewShadow 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@TaskbarAnimations 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@StartMenuInit 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ReindexedProfile 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@TaskbarSizeMove 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@DisablePreviewDesktop 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@TaskbarGlomLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@MMTaskbarEnabled 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@MMTaskbarMode 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@MMTaskbarGlomLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@TaskbarSmallIcons 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@DontUsePowerShellOnWinX 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@StoreAppsOnTaskbar 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Start_JumpListItems 10
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AppContract
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AppContract\Windows.Protocol
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AppContract\Windows.Search
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AppContract\Windows.ShareTarget
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers@DisableAutoplay 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CameraMemoryOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\CameraMemoryOnArrival@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\UnknownContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\UnknownContentOnArrival@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Function
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Function\{23F05BBC-15DE-4C2A-A55B-A9AF5CE412EF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Function\{23F05BBC-15DE-4C2A-A55B-A9AF5CE412EF}@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\ImageSource
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Source
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Source\{9261B03C-3D78-4519-85E3-02C5E1F50BB9}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Source\{9261B03C-3D78-4519-85E3-02C5E1F50BB9}@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Source\{EF2107D5-A52A-4243-A26B-62D4176D7603}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\Source\{EF2107D5-A52A-4243-A26B-62D4176D7603}@DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\WPD\VideoSource
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\AutorunINFLegacyArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\AutorunINFLegacyArrival@ MSAutoRun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\CameraMemoryOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\CameraMemoryOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\MixedContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\MixedContentOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\PlayEnhancedCDOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\PlayEnhancedCDOnArrival@ MSTakeNoAction
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\PlayVideoFilesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\PlayVideoFilesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\ShowPicturesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\ShowPicturesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\StorageOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\StorageOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\UnknownContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\UnknownContentOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@Action Fotos und Videos importieren
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@DefaultIcon C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@Provider Dropbox
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@ProgID Dropbox.AutoplayEventHandler
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@InvokeProgId Dropbox.AutoplayEventHandler
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\DropboxAutoplay@InvokeVerb import
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353@ContainerID {D20044F7-B868-508B-BB38-C51A0C9D1033}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353@Label SM-G900F
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353@Icon %SystemRoot%\system32\wpdshext.dll,-704
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860#D7465353\KnownInterfaces@\\?\USB#VID_04E8&PID_6860#d7465353#{c9c19988-aeba-4731-aad6-db79968703c6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000@ContainerID {D20044F7-B868-508B-BB38-C51A0C9D1033}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000@Label SM-G900F
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000@Icon %SystemRoot%\system32\wpdshext.dll,-704
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&0&0000#{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000@ContainerID {D20044F7-B868-508B-BB38-C51A0C9D1033}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000@Label ************ (Galaxy S
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000@Icon %SystemRoot%\system32\wpdshext.dll,-704
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&1&0000#{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&1&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&1&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000@ContainerID {D20044F7-B868-508B-BB38-C51A0C9D1033}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000@Label ************ (Galaxy S
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000@Icon %SystemRoot%\system32\wpdshext.dll,-704
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&2&0000#{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&2&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000\KnownInterfaces@\\?\USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android#6&17624408&2&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353@ContainerID {C664FA4A-4AE5-5DC1-9DED-527AEAC6F3F0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353@Label ************ (Galaxy S
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353@Icon %SystemRoot%\system32\wpdshext.dll,-702
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353\KnownInterfaces@\\?\USB#VID_04E8&PID_6865#d7465353#{10497b1b-ba51-44e5-8318-a65c837b6661}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353\KnownInterfaces@\\?\USB#VID_04E8&PID_6865#d7465353#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353\KnownInterfaces@\\?\USB#VID_04E8&PID_6865#d7465353#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@ContainerID {4CEF91B7-6363-11E3-BE99-AC220B78BEA7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@Label Chris' iPhone
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@Icon %SystemRoot%\system32\usbaaplrc.dll,-103
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0\KnownInterfaces
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0\KnownInterfaces@\\?\USB#VID_05AC&PID_1294&MI_00#0#{10497b1b-ba51-44e5-8318-a65c837b6661}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0\KnownInterfaces@\\?\USB#VID_05AC&PID_1294&MI_00#0#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0\KnownInterfaces@\\?\USB#VID_05AC&PID_1294&MI_00#0#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\AutorunINFLegacyArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\AutorunINFLegacyArrival@ MSPromptEachTime
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\MixedContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\MixedContentOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\PlayVideoFilesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\PlayVideoFilesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\ShowPicturesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\CameraAlternate\ShowPicturesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\MixedContentOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\MixedContentOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\PlayEnhancedCDOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\PlayEnhancedCDOnArrival@ MSPromptEachTime
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\PlayVideoFilesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\PlayVideoFilesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\ShowPicturesOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\ShowPicturesOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\StorageOnArrival
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\StorageOnArrival@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&0&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&1&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID#6&17624408&2&0000@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_04E8&PID_6865#D7465353@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@ DropboxAutoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket@LastEnum 0,{699d92f2-417a-11e3-be80-806e6f6e6963}?0,{699d92f0-417a-11e3-be80-806e6f6e6963}?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{129694de-74d6-11e3-bea1-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{129694de-74d6-11e3-bea1-ac220b78bea7}@MaxCapacity 17306
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{129694de-74d6-11e3-bea1-ac220b78bea7}@NukeOnDelete 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{150bbae2-1b9b-11e4-bedb-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{150bbae2-1b9b-11e4-bedb-ac220b78bea7}@MaxCapacity 25893
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{150bbae2-1b9b-11e4-bedb-ac220b78bea7}@NukeOnDelete 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{37f5a060-cedc-11e4-bf08-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{37f5a060-cedc-11e4-bf08-ac220b78bea7}@MaxCapacity 49739
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{37f5a060-cedc-11e4-bf08-ac220b78bea7}@NukeOnDelete 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f0-417a-11e3-be80-806e6f6e6963}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f0-417a-11e3-be80-806e6f6e6963}@MaxCapacity 6981
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f0-417a-11e3-be80-806e6f6e6963}@NukeOnDelete 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f2-417a-11e3-be80-806e6f6e6963}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f2-417a-11e3-be80-806e6f6e6963}@MaxCapacity 49741
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{699d92f2-417a-11e3-be80-806e6f6e6963}@NukeOnDelete 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState@Settings 0x0C 0x00 0x02 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState@FullPath 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning@CD Recorder Drive \\?\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning@DriveIndex 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}@Drive Type 21495
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}@IsImapiDataBurnSupported 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo@NextStagingPathIndex 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{37f5a09d-cedc-11e4-bf08-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{37f5a09d-cedc-11e4-bf08-ac220b78bea7}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{37f5a09d-cedc-11e4-bf08-ac220b78bea7}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{37f5a09d-cedc-11e4-bf08-ac220b78bea7}@DriveNumber 7
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}@Active 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{699d92f8-417a-11e3-be80-806e6f6e6963}@DriveNumber 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc502e3-cb03-11e4-bf05-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc502e3-cb03-11e4-bf05-ac220b78bea7}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc502e3-cb03-11e4-bf05-ac220b78bea7}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc50353-cb03-11e4-bf05-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc50353-cb03-11e4-bf05-ac220b78bea7}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc50353-cb03-11e4-bf05-ac220b78bea7}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{6dc50353-cb03-11e4-bf05-ac220b78bea7}@DriveNumber 4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{b50e1ade-d217-11e3-bec0-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{b50e1ade-d217-11e3-bec0-ac220b78bea7}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{b50e1ade-d217-11e3-bec0-ac220b78bea7}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{fdbfa1bc-4185-11e3-be83-ac220b78bea7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{fdbfa1bc-4185-11e3-be83-ac220b78bea7}@StagingPath C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{fdbfa1bc-4185-11e3-be83-ac220b78bea7}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{fdbfa1bc-4185-11e3-be83-ac220b78bea7}@DriveNumber 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner@ProperTreeModuleInner 0x9C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon@ C:\Windows\System32\imageres.dll,-109
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\DefaultIcon@ C:\Windows\System32\imageres.dll,-123
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@empty %SystemRoot%\System32\imageres.dll,-55
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@full %SystemRoot%\System32\imageres.dll,-54
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon@ %SystemRoot%\System32\imageres.dll,-55
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder@Attributes 1048576
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{8E74D236-7F35-4720-B138-1FED0B85EA75}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{8E74D236-7F35-4720-B138-1FED0B85EA75}\ShellFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{8E74D236-7F35-4720-B138-1FED0B85EA75}\ShellFolder@Attributes 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\DefaultIcon@ C:\Windows\System32\imageres.dll,-25
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ConflictResolutionDialog
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ConflictResolutionDialog@SkipSameDateAndSize 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel@AllItemsIconView 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel@StartupPage 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable
|
|
16.06.2015, 16:40
| #8 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 3 Code:
ATTFilter Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum@Implementing 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum@Implementing 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum@Implementing 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum@Implementing 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum@Implementing 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum@Implementing 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum@Implementing 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@Classes .bmp?.contact?.jnt?.library-ms?.lnk?.odg?.odp?.ods?.odt?.rtf?.txt?.zip?Folder?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@~reserved~ 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids@WMP11.AssocFile.3G2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice@Hash ggONFfb9S/U=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice@ProgId WMP11.AssocFile.3G2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids@WMP11.AssocFile.3GP
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice@Hash X/okMVEt7yw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice@ProgId WMP11.AssocFile.3GP
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids@WMP11.AssocFile.3G2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice@Hash c3pM/9DtXGo=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice@ProgId WMP11.AssocFile.3G2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids@WMP11.AssocFile.3GP
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice@Hash 2Wl80A6yCUk=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice@ProgId WMP11.AssocFile.3GP
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids@WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice@Hash q0uZbqppAGM=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice@ProgId WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings\UserChoice@Progid AcroExch.acrobatsecuritysettings
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings\UserChoice@Hash bIgC74tB5zY=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids@WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice@Hash C0wCsVDoSiU=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice@ProgId WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids@WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice@Hash 2BUFBIuimPI=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice@ProgId WMP11.AssocFile.ADTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIF\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIF\OpenWithProgids@WMP11.AssocFile.AIFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFC
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFC\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFC\OpenWithProgids@WMP11.AssocFile.AIFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFF\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIFF\OpenWithProgids@WMP11.AssocFile.AIFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.air\OpenWithProgids@AIR.InstallerPackage
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.api
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.api\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.api\UserChoice@Progid AcroExch.Plugin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.api\UserChoice@Hash O51wpjyfAQc=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.appref-ms
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.appref-ms\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.appref-ms\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.appref-ms\OpenWithProgids@Application.Reference
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice@Hash oYv9qraeyIE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc\OpenWithList@a scad3.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asc\OpenWithProgids@LTspice.Schematic
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithProgids@WMP11.AssocFile.ASF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithProgids@WMP11.AssocFile.ASX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithProgids@WMP11.AssocFile.AU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids@WMP11.AssocFile.AVI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice@Hash 5TYwm7/kiCI=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice@ProgId WMP11.AssocFile.AVI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b5t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b5t\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b6t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b6t\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList@a DllHost.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids@Paint.Picture
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice@Hash 5ZwaMHEu9y0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice@ProgId Paint.Picture
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwt\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids@CABFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd@Application VCDMount.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip\OpenWithList@a dfshim.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccip\OpenWithProgids@CurseClient.InstallPackage
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdi
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdi\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids@Microsoft.PowerShellCmdletDefinitionXML.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList@a NOTEPAD.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList@MRUList ab
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList@b firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithProgids@cfg_auto_file
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/?LinkID=246409
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/?LinkID=246409\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/?LinkID=246409\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/?LinkID=246409\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=296426
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=296426\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=296426\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=296426\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=313097
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=313097\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=313097\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/fwlink/p/?LinkId=313097\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\OpenWithList@a NOTEPAD.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact\OpenWithProgids@contact_wab_auto_file
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice@Hash 8dzTIedQTz0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice@Hash ceN1MlMQT9M=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids@CSSfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids@ddsfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.de
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.de\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.de\OpenWithList@a IEXPLORE.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.de\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.deskthemepack\OpenWithProgids@desktopthemepackfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids@Paint.Picture
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice@Hash +ztgSgPvCg4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice@ProgId Paint.Picture
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids@dllfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList@MRUList ba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList@b soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList@MRUList cab
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList@b FIRSTRUN.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList@c soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids@docxfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids@OpenOffice.Docx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice@Hash mTjz3tu7GEo=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice@ProgId OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvd
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvd@Application VCDMount.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.easmx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.easmx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.easmx\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.edrwx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.edrwx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.edrwx\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids@emffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eprtx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eprtx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eprtx\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice@Hash Lrz0tkPUl+I=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids@exefile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fdf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fdf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fdf\UserChoice@Progid AcroExch.FDFDoc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fdf\UserChoice@Hash kqh2E5ZENHQ=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids@fonfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids@giffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice@Hash rJAmluqbaI0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice@ProgId giffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids@FirefoxHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids@ChromeHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids@FirefoxHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids@ChromeHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids@icofile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithList@a Win32DiskImager.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithProgids@Windows.IsoFile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.import
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.import\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.import\OpenWithList@a NOTEPAD.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.import\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithList@a NOTEPAD.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids@inifile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso@Application VCDMount.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithList@a VCDMount.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids@Windows.IsoFile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids@elby.VCDMount.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice@Hash OcgNzG1WDKc=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice@ProgId elby.VCDMount.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\OpenWithProgids@iTunes.itls
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\OpenWithProgids@iTunes.itms
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\OpenWithProgids@iTunes.itpc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids@pjpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice@Hash Xku502KvnfY=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice@ProgId pjpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids@jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice@Hash tU1eBmo7PvI=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice@ProgId jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids@jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice@Hash rygatbBZK08=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice@ProgId jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList bac
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@b DllHost.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@c mspaint.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids@jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice@Hash V8BZgyR0Pg4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice@ProgId jpegfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg&subject=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg&subject=\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jps
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jps\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jps\OpenWithProgids@jpsfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jtx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jtx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jtx\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr
|
|
16.06.2015, 16:41
| #9 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 4 Code:
ATTFilter Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids@wdpfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\UserChoice@Hash hYK4kGPtAIE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\UserChoice@ProgId wdpfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice@Hash r43mT1m2xw0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids@lnkfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M1V
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M1V\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M1V\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids@WMP11.AssocFile.M2TS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids@WMP11.AssocFile.M2TS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids@WMP11.AssocFile.m3u
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids@WMP11.AssocFile.M4A
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice@Hash 0iJxjKCvjf4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice@ProgId WMP11.AssocFile.M4A
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\OpenWithProgids@iTunes.m4r
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids@WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice@Hash FldhTjA3b0E=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice@ProgId WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithList@a DTLite.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids@mhtmlfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids@mhtmlfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\OpenWithList@a wmplayer.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\OpenWithProgids@WMP11.AssocFile.MIDI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIDI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIDI\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIDI\OpenWithProgids@WMP11.AssocFile.MIDI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids@WMP11.AssocFile.MOV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice@Hash 9xlU5l/X65Q=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice@ProgId WMP11.AssocFile.MOV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids@WMP11.AssocFile.MP3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice@Hash GbzOe7/N8zU=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice@ProgId WMP11.AssocFile.MP3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2V
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2V\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2V\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList@MRUList ba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList@b wmplayer.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids@WMP11.AssocFile.MP3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice@Hash Kmk4lO8n+4I=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice@ProgId WMP11.AssocFile.MP3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList@a MovieMaker.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList@MRUList ba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList@b wmplayer.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids@WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice@Hash X+NWDURJml0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice@ProgId WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids@WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice@Hash 1p8j5CymTlM=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice@ProgId WMP11.AssocFile.MP4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice@Hash me8j2/gh5mo=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice@ProgId WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice@Hash uNQgQ4Xcl8E=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice@ProgId WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice@Hash Mi9hlVg73TE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice@ProgId WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice@Hash k2ICVNyVTy8=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice@ProgId WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpo\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpo\OpenWithProgids@mpofile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpq
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpq\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithProgids@WMP11.AssocFile.MPEG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice@Hash s+Dc/CgJzVk=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithProgids@MSCFile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithProgids@Msi.Package
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithProgids@Microsoft.System.Update.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids@WMP11.AssocFile.M2TS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice@Hash Gvbo1T19A8w=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice@ProgId WMP11.AssocFile.M2TS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice@Hash QjIavmz5JXQ=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\OpenWithProgids@MSInfoFile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice@Hash zBnpZkJ9n+s=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids@ocxfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithList@a soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithList@MRUList ab
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithList@b scalc.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids@opendocument.CalcDocument.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithList@a soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids@odtfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids@opendocument.WriterDocument.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice@Hash +ExsffaM51Q=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org0,000000de0,000000downloads0,000000644
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org0,000000de0,000000downloads0,000000644\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org%2fde%2fdownloads%2f644\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org%2fde%2fdownloads%2f644\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids@otffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ott\OpenWithProgids@opendocument.WriterTemplate.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice@Hash PqC8PCXg8AE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice@ProgId AppX86746z2101ayy2ygv3g96e4eqdf8r99j
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pano
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pano\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pano\OpenWithProgids@Panoramic File
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\OpenWithProgids@iTunes.pcast
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithProgids@AcroExch.Document.11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice@Progid AcroExch.Document.11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice@Hash JqilBDVs2oE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml\UserChoice@Progid AcroExch.pdfxml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml\UserChoice@Hash kgBx6tsQVt8=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdx\UserChoice@Progid AcroExch.AcrobatPDXFileType
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdx\UserChoice@Hash 9vqSeVK5lH0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice@Hash Xe/dvQhiJoE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList@a DllHost.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList@MRUList acb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList@b mspaint.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList@c firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids@pngfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice@Hash Agivr9a2KZE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice@ProgId pngfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pns
|
|
16.06.2015, 16:43
| #10 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 5 Code:
ATTFilter Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pns\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pns\OpenWithProgids@pnsfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithList@a soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice@Hash GKI80UakXXM=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice@ProgId OpenOffice.Pptx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids@Microsoft.PowerShellXMLData.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids@Microsoft.PowerShellSessionConfiguration.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptb\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptb\OpenWithList@a PTEditor.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptb\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice@Hash R3QjPaUF5aM=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\OpenWithProgids@LTspice.Rawfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice@Hash C/LUtX1VDio=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids@rlefile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMI\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMI\OpenWithProgids@WMP11.AssocFile.MIDI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids@rtffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids@OpenOffice.Rtf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice@Hash uiZ9IBAfp7o=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice@Hash mmucjsBCQFw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids@SHCmdFile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids@SearchFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.secstore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.secstore\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.secstore\UserChoice@Progid AcroExch.SecStore
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.secstore\UserChoice@Hash 9cyRSthMZDw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids@FirefoxHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids@ChromeHTML
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smc\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SND
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SND\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SND\OpenWithProgids@WMP11.AssocFile.AU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice@Hash VIbmr2nQ2Ug=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srm\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice@Hash GoxXxu/q1oc=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids@sysfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tc\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithList@MRUList ab
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithList@b a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.themepack\OpenWithProgids@themepackfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids@TIFImage.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice@Hash QvUg6kTERs4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice@ProgId TIFImage.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids@TIFImage.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice@Hash rY2PkBEZGuk=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice@ProgId TIFImage.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids@WMP11.AssocFile.TTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice@Hash o4WyMlre2vs=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice@ProgId WMP11.AssocFile.TTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids@ttcfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids@ttffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids@WMP11.AssocFile.TTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice@Hash RFPYW5p2jLA=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice@ProgId WMP11.AssocFile.TTS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@a NOTEPAD.EXE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids@txtfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice@Hash F/8C+WRAfBk=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice@ProgId txtfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vhd
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vhd\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vmdk
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vmdk\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids@WMP11.AssocFile.WAV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice@Hash BYZGdUKRUIo=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice@ProgId WMP11.AssocFile.WAV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAX\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAX\OpenWithProgids@WMP11.AssocFile.WAX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids@wdpfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice@Hash tqd1nO0aMJA=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice@ProgId wdpfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlvs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlvs\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids@WMP11.AssocFile.ASF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice@Hash nIy6yicv4Mg=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice@ProgId WMP11.AssocFile.ASF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids@WMP11.AssocFile.WMA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice@Hash pT/OPCgKQXc=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice@ProgId WMP11.AssocFile.WMA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids@wmffile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids@WMP11.AssocFile.WMV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice@Hash Vgq3kDClfzw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice@ProgId WMP11.AssocFile.WMV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WMX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WMX\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WMX\OpenWithProgids@WMP11.AssocFile.ASX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids@WMP11.AssocFile.WPL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice@Hash 9O8mTv9H31g=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice@ProgId WMP11.AssocFile.WPL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WVX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WVX\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WVX\OpenWithProgids@WMP11.AssocFile.WVX
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xdp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xdp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xdp\UserChoice@Progid AcroExch.XDPDoc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xdp\UserChoice@Hash kXLjB4sS7Ck=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xfdf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xfdf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xfdf\UserChoice@Progid AcroExch.XFDFDoc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xfdf\UserChoice@Hash eROQYwXqUbA=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList@MRUList ba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList@b soffice.bin
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids@OemOobe.Document
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice@Hash 0/ygDMzaKdk=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice@ProgId OpenOffice.Xls
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids@OpenOffice.Xlt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids@xmlfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\OpenWithProgids@Windows.XPSReachViewer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice@Hash nCrqiIBFOMw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice@ProgId AppX86746z2101ayy2ygv3g96e4eqdf8r99j
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids@xslfile
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList@a firefox.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids@CompressedFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\http
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\http\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\http\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\http\OpenWithProgids@URL:HyperText Transfer Protocol
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\mailto
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\mailto\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\mailto\OpenWithProgids
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\mailto\OpenWithProgids@URL:mailto
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\OpenWithList
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{4DCAFE13-E6A7-4C28-BE02-CA8C2126280D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{4DCAFE13-E6A7-4C28-BE02-CA8C2126280D}@DefaultView {5586158E-F4E6-409E-B47C-4D216F40B912}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@Name @shell32.dll,-34817
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@Version 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@LogicalViewMode 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@IconSize 48
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@QueryType 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@HideFileNames 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@DateCategorizerInfo -1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@ChildViewID {00000000-0000-0000-0000-000000000000}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@GroupBy System.ItemSearchLocation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@GroupAscending -1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@StackBy System.Null
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@PrimaryProperty System.ItemSearchLocation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@PrimarySettings 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@ColumnList prop:0+(34)System.ItemNameDisplay;0-(15)System.DateModified;0+(15)System.ItemTypeText;0-/(10)System.Size;1-(20)System.DateCreated;1+(15)System.ItemFolderPathDisplay;1+(9)System.Author;1+(11)System.Keywords;1+(20)System.Title
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{5F4EAB9A-6833-4F61-899D-31CF46979D49}\TopViews\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}@SortByList prop:+(20)System.ItemNameDisplay;-(15)System.DateModified
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\State
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\State@StartMouse 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\State@BackMouse 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\State@CharmsMouse 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\Tracking
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HelpSticker\Tracking@CharmsMouse 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects@GSM57A4#5&276d8c26&0&UID1048851 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects@GSM57A3#5&276d8c26&0&UID1048832 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects@DON0035#5&276d8c26&0&UID1048849 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects@GSM57A4#5&276d8c26&0&UID1048849 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MMStuckRects@GSM57A4#5&276d8c26&0&UID1048848 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\NewShortcutHandlers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\NewShortcutHandlers@{FBF23B40-E3F0-101B-8488-00AA003E56F8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager@ConfirmationCheckBoxDoForAll 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager@EnthusiastMode 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Package Installation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Package Installation@PackageListVersion 246
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@MRUListEx 0x29 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@3 0x48 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@5 0x43 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@6 0x42 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@7 0x42 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@8 0x42 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@9 0x42 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@10 0x43 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@11 0x44 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@12 0x48 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@14 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@16 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@22 0x57 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@25 0x59 0x00 0x54 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@27 0x4D 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@23 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@17 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@28 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@29 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@30 0x77 0x00 0x77 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@21 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@31 0x3F 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@36 0x42 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@42 0x53 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@43 0x73 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@44 0x53 0x00 0x6B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@46 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@51 0x7A 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@53 0x66 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@55 0x7A 0x00 0x73 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@56 0x68 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@57 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@2 0x63 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@59 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@61 0x43 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@62 0x4B 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@32 0x4B 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@33 0x54 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@13 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@68 0x6B 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@66 0x63 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@69 0x63 0x00 0x6D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@67 0x62 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@71 0x73 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@73 0x70 0x00 0x31 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@70 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@72 0x52 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@74 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@60 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@75 0x74 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@45 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@78 0x4A 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@18 0x43 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@81 0x32 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@76 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@82 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@83 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@84 0x57 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@85 0x45 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@80 0x30 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@87 0x44 0x00 0x56 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@86 0x47 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@90 0x53 0x00 0x63 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@89 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@19 0x44 0x00 0x33 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@91 0x4F 0x00 0x76 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@47 0x52 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@92 0x77 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@93 0x44 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@94 0x43 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@95 0x52 0x00 0x4F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@96 0x50 0x00 0x54 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@49 0x50 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@1 0x53 0x00 0x63 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@40 0x70 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@63 0x37 0x00 0x36 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@79 0x64 0x00 0x66 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@58 0x62 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@99 0x62 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@88
|
|
16.06.2015, 16:44
| #11 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 6 Code:
ATTFilter Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@101 0x36 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@20 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@103 0x45 0x00 0x4D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@104 0x44 0x00 0x56 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@100 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@105 0x67 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@106 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@108 0x63 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@109 0x62 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@24 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@102 0x49 0x00 0x53 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@110 0x69 0x00 0x70 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@111 0x66 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@112 0x37 0x00 0x38 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@15 0x71 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@26 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@107 0x53 0x00 0x79 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@114 0x6D 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@35 0x71 0x00 0x33 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@113 0x62 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@37 0x56 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@115 0x56 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@116 0x41 0x00 0x4F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@39 0x61 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@48 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@117 0x41 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@97 0x4F 0x00 0x46 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@119 0x53 0x00 0x45 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@120 0x47 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@118 0x41 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@121 0x56 0x00 0x73 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@122 0x45 0x00 0x64 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@50 0x5A 0x00 0x45 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@52 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@64 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@65 0x53 0x00 0x4E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@98 0x44 0x00 0x6B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@77 0x53 0x00 0x57 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@38 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@123 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@34 0x61 0x00 0x50 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@4 0x44 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@0 0x4E 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs@41 0x33 0x00 0x38 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.7z
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.7z@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.7z@0 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.air
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.air@0 0x77 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.air@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.asc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.asc@0 0x56 0x00 0x73 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.asc@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp@0 0x43 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bz2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bz2@0 0x7A 0x00 0x73 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bz2@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@0 0x7A 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@MRUListEx 0x04 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@2 0x70 0x00 0x31 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@1 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@3 0x66 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.cfg@4 0x71 0x00 0x33 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/@0 0x77 0x00 0x77 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.config
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.config@0 0x63 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.config@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.de
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.de@0 0x73 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.de@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.gz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.gz@0 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.gz@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.htm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.htm@0 0x53 0x00 0x63 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.htm@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@0 0x57 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ICO
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ICO@0 0x45 0x00 0x4D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ICO@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ICO@1 0x56 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.img
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.img@MRUListEx 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.img@1 0x6B 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.img@0 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.img@2 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.import
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.import@0 0x66 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.import@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ini
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ini@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ini@0 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iso
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iso@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iso@0 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iso@1 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@MRUListEx 0x09 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@4 0x70 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@0 0x37 0x00 0x36 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@2 0x64 0x00 0x66 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@5 0x62 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@3 0x36 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@6 0x53 0x00 0x4E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@8 0x44 0x00 0x6B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@7 0x53 0x00 0x57 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@1 0x61 0x00 0x50 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@9 0x33 0x00 0x38 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg&subject=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg&subject=@0 0x3F 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg&subject=@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mds
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mds@0 0x41 0x00 0x4F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mds@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@0 0x48 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@MRUListEx 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@1 0x43 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@2 0x42 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@3 0x42 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@4 0x42 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@5 0x42 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@6 0x43 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@7 0x44 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@8 0x48 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@0 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@MRUListEx 0x03 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@1 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@5 0x4D 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@4 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@2 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@6 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@7 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@3 0x57 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mpq
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mpq@0 0x53 0x00 0x45 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mpq@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.nfo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.nfo@0 0x67 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.nfo@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ods
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ods@0 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ods@MRUListEx 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ods@1 0x77 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ods@2 0x4F 0x00 0x76 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.odt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.odt@0 0x53 0x00 0x6B 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.odt@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.odt@1 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.org/de/downloads/644
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@2 0x43 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@3 0x74 0x00 0x68 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@5 0x32 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@4 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@6 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@7 0x53 0x00 0x43 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@8 0x57 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@9 0x45 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@0 0x44 0x00 0x33 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@1 0x50 0x00 0x54 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@MRUListEx 0x03 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@1 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@0 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@2 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@3 0x41 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pptx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pptx@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pptx@0 0x47 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ptb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ptb@0 0x68 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ptb@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@1 0x53 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@2 0x63 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@3 0x63 0x00 0x6D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@4 0x61 0x00 0x62 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@5 0x41 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@6 0x5A 0x00 0x45 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@0 0x4E 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.wlvs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.wlvs@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.wlvs@0 0x59 0x00 0x54 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.xls
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.xls@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.xls@1 0x42 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.xls@2 0x4B 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.xls@0 0x4B 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@1 0x62 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@2 0x55 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@3 0x63 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@4 0x69 0x00 0x70 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@5 0x71 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip@0 0x4F 0x00 0x46 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@13 0x48 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@5 0x54 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@15 0x62 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@16 0x73 0x00 0x6E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@17 0x52 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@19 0x4A 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@18 0x43 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@20 0x30 0x00 0x30 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@21 0x44 0x00 0x56 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@22 0x52 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@23 0x44 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@24 0x52 0x00 0x4F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@25 0x50 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@0 0x53 0x00 0x63 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@26 0x62 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@28 0x44 0x00 0x56 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@29 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@3 0x62 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@27 0x49 0x00 0x53 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@2 0x37 0x00 0x38 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@4 0x53 0x00 0x79 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@6 0x6D 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@7 0x62 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@8 0x56 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@9 0x41 0x00 0x67 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@10 0x47 0x00 0x61 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@11 0x45 0x00 0x64 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@14 0x55 0x00 0x6C 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@12 0x72 0x00 0x65 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@1 0x44 0x00 0x6F 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Ribbon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Ribbon@QatItems 0x3C 0x73 0x69 0x71 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\Preferences
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\PrimaryProperties
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\PrimaryProperties\IndexedLocations
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\PrimaryProperties\UnindexedLocations
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@DisableResultsInNewWindow 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@DisableAutoNavigateURL 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@DisableAutoResolveEmailAddrs 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@IEAddressBarSearchDefault MSNSearch
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@BreadCrumbBarSearchDefault MSNSearch
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@EditSavedSearch 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences@DisableTabbedBrowsing 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SharingMFU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SharingMFU@MRUListEx 0xFF 0xFF 0xFF 0xFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@!Do not use this registry key Use the SHGetFolderPath or SHGetKnownFolderPath function instead
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@AppData C:\Users\Beckz\AppData\Roaming
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Local AppData C:\Users\Beckz\AppData\Local
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@My Video C:\Users\Beckz\Videos
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE} C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Libraries
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@My Pictures C:\Users\Beckz\Pictures
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Desktop C:\Users\Beckz\Desktop
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@History C:\Users\Beckz\AppData\Local\Microsoft\Windows\History
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@NetHood C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{56784854-C6CB-462B-8169-88E350ACB882} C:\Users\Beckz\Contacts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{00BCFC5A-ED94-4E48-96A1-3F6217F21990} C:\Users\Beckz\AppData\Local\Microsoft\Windows\RoamingTiles
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Cookies C:\Users\Beckz\AppData\Local\Microsoft\Windows\INetCookies
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Favorites C:\Users\Beckz\Favorites
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@SendTo C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\SendTo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Start Menu C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@My Music C:\Users\Beckz\Music
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Programs C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Recent C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Recent
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@CD Burning C:\Users\Beckz\AppData\Local\Microsoft\Windows\Burn\Burn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@PrintHood C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA} C:\Users\Beckz\Searches
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{374DE290-123F-4565-9164-39C4925E467B} C:\Users\Beckz\Downloads
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{A520A1A4-1780-4FF6-BD18-167343C5AF16} C:\Users\Beckz\AppData\LocalLow
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Startup C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Administrative Tools C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Personal C:\Users\Beckz\Documents
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968} C:\Users\Beckz\Links
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Cache C:\Users\Beckz\AppData\Local\Microsoft\Windows\INetCache
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Templates C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Templates
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} C:\Users\Beckz\Saved Games
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@Fonts C:\WINDOWS\Fonts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage@StartMenu_Start_Time 0x16 0xB1 0xD6 0x4B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage@OpenAtLogon 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage@MonitorOverride 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage@MakeAllAppsDefault 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage@DesktopFirst 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run@Spotify 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run@Battle.net 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run@Spotify Web Helper 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run@DAEMON Tools Lite 0x03 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder@CurseClientStartup.ccip 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder@Dropbox.lnk 0x02 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU@0 0x14 0x00 0x1F 0x58 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\0@ViewView2 0x1C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@TaskbarWinXP 0x0C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@Upgrade 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2@Settings 0x28 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesResolve 0xB9 0x02 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@Favorites 0x00 0x64 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 22
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesVersion 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesRemovedChanges 62
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths@url1 C:\Users\Beckz\AppData\Roaming\AVM\FRITZ!Fernzugang\78_35_78_50
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Desktop %USERPROFILE%\Desktop
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Local AppData %USERPROFILE%\AppData\Local
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Startup %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Cookies %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@SendTo %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Personal %USERPROFILE%\Documents
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Recent %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Favorites %USERPROFILE%\Favorites
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@My Pictures %USERPROFILE%\Pictures
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Start Menu %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@NetHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@My Music %USERPROFILE%\Music
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@My Video %USERPROFILE%\Videos
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Cache %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Programs %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@History %USERPROFILE%\AppData\Local\Microsoft\Windows\History
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@{374DE290-123F-4565-9164-39C4925E467B} %USERPROFILE%\Downloads
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Templates %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@AppData %USERPROFILE%\AppData\Roaming
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@PrintHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}
|
|
16.06.2015, 16:45
| #12 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache gmer 7 Code:
ATTFilter
0x62 0x00 0x65 0x00 ...
%USERPROFILE%\SkyDrive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{B267E3AD-A825-4A09-82B9-EEC22AA3B847}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{B267E3AD-A825-4A09-82B9-EEC22AA3B847}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{B267E3AD-A825-4A09-82B9-EEC22AA3B847}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@HRZR_PGYPHNPbhag:pgbe 0xFF 0xFF 0xFF 0xFF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@gkg_1015024219_qr-QR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@gkg_1042176503_qr-qr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@gkg_1287835801_qr-qr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@gkg_1895401208_qr-QR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count@gkg_256506965_qr-qr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CAA59E3C-4792-41A5-9909-6A6A8D32490E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CAA59E3C-4792-41A5-9909-6A6A8D32490E}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CAA59E3C-4792-41A5-9909-6A6A8D32490E}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CAA59E3C-4792-41A5-9909-6A6A8D32490E}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@HRZR_PGYPHNPbhag:pgbe 0xFF 0xFF 0xFF 0xFF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.Rkcybere 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.VagreargRkcybere.Qrsnhyg 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@R7PS176R110P211O 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\BcraJvgu.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.PbagebyCnary 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\JbJ\Jbeyq bs Jnepensg\Jbj-64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Grnzfcrnx 3\gf3pyvrag_jva64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ehaqyy32.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{5S445O32-R9R0-3SOO-7OPP-SQR18S294455} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Fcbgvsl.Pbafbyr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Fcbgvsl.Znva 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ebnzvat\Fcbgvsl\fcbgvsl.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{O0S2612S-45NS-O0RQ-P48R-3R6089R66PQ2} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.FxlcrNcc_xms8dks38mt5p!Ncc 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pnyp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@jvaqbjf.vzzrefvirpbagebycnary_pj5a1u2gklrjl!zvpebfbsg.jvaqbjf.vzzrefvirpbagebycnary 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Ernqre_8jrxlo3q8oojr!Zvpebfbsg.Ernqre 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\CevagQvnybtUbfg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ABGRCNQ.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@zvpebfbsg.jvaqbjfpbzzhavpngvbafnccf_8jrxlo3q8oojr!Zvpebfbsg.JvaqbjfYvir.Znvy 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@phef..gvba_9r9r83qqs3rq3rnq_9620sr4o3rnq2051 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.JvaqbjfVafgnyyre 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\AIVQVN Pbecbengvba\AIVQVN TrSbepr Rkcrevrapr\TSRkcrevrapr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\pzq.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pnaba\VWCYZ\vwcyzhv.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@S:\Rzh\FARF\farf9k.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ebnzvat\Fcbgvsl\Fcbgvsl_arj.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@PbzbqbTebhc.PBZBQB.6 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@OyvmmneqRagregnvazrag.Onggyrarg.orgn 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Urnegufgbar\Urnegufgbar.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Qvnoyb VVV\Qvnoyb VVV.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@OyvmmneqRagregnvazrag.QvnoybVVV.ergnvy 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{R81384P9-6PNP-14O6-R0P4-916380Q0PRO7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\BcraBssvpr 4\cebtenz\\fpnyp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\IYP\iyp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\freivvb\ova\FreivvbPbafbyr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fperra Pncghere Erpbeqre\pbasvthengvba_frghc_hgvyvgl\trarevp_eha_eo.ong 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{6Q809377-6NS0-444O-8957-N3773S02200R}\Vagrearg Rkcybere\VRKCYBER.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\BcraBssvpr 4\cebtenz\fjevgre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.CubgbIvrjre 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\BcraBssvpr 4\cebtenz\fpnyp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\SEVGM.Obk_Sba_JYNA_7570_iQFY.04.81.erpbire-vzntr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@R:\sfrghc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\sevgm.obk_sba_jyna.04.34.erpbire-vzntr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\MFARF\mfarfj.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvrkrp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Grzc\Frghc.Rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\CbjreGno\CGRqvgbe.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_14_0_0_145.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\fvzp-548-7-jva64\FvzhyngvbaPensg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfcnvag.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\FlfgrzCebcregvrfNqinaprq.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\Fgrnz.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuHgvy32_14_0_0_145_Cyhtva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_15_0_0_152.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{Q07435O2-3NNP-543N-9O3S-2O44QQ7RR5PQ} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\VzntrJevgre\Jva32QvfxVzntre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\Grzc1_FQSbeznggrei4.mvc\frghc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\FQ Sbeznggre\FQSbeznggre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\7mvc\7mT.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\Jva32QvfxVzntre-0.9.5-vafgnyy.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ycxvafgnyy.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuHgvy32_15_0_0_152_Cyhtva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\fgrnznccf\pbzzba\Fxlevz\FxlevzYnhapure.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Fxlevz\GRFI.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Jvaqbjf Yvir\Cubgb Tnyyrel\JYKCubgbTnyyrel.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Jvaqbjf Yvir\Cubgb Tnyyrel\JYKCubgbNpdhverJvmneq.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Jvaqbjf Yvir\Vafgnyyre\jyfrggvatf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{P664SN4N-4NR5-5QP1-9QRQ-527NRNP6S3S0} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\BcraBssvpr 4\cebtenz\fqenj.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_15_0_0_246.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuHgvy32_15_0_0_246_Cyhtva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\CEBTEN~2\ZVPEBF~3\Bssvpr15\SVEFGEHA.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{S628169Q-8979-11R4-ORS1-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fvzpensg\603-20\FvzhyngvbaPensg64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{S62829P4-8979-11R4-ORS1-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\rzay-jva-zt5300-1_10-zpq-qr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\JMFR0.GZC\rzay-jva-zt5300-1_10-zpq-qr\FgnegUgz.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{26R20PS4-05PQ-S29N-5806-RQ713O67OQ82} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\BcraBssvpr 4\cebtenz\\fvzcerff.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\YbY\yby.ynhapure.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\jhnhpyg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_16_0_0_257.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{06446R51-9RN4-11R4-ORSO-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{06447P6P-9RN4-11R4-ORSO-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{71R66255-N251-11R4-ORSP-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_16_0_0_296.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\NVE5Q06.gzc\Nqbor NVE Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pbzzba Svyrf\Nqbor NVE\Irefvbaf\1.0\Nqbor NVE Nccyvpngvba Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\JBJ ybtf\Jnepensg Ybtf Hcybnqre\Jnepensg Ybtf Hcybnqre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{71R6673N-N251-11R4-ORSP-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Jbeyq bs Jnepensg Choyvp Grfg\JbjG-64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_16_0_0_305.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\NqorEqe11010_qr_QR.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pbzzba Svyrf\Nqbor NVE\Irefvbaf\1.0\Erfbheprf\Nqbor NVE Hcqngre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\NVEP6.gzc\Nqbor NVE Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\Qbjaybnqre_FgnePensg_Pbzob_raTO.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@OyvmmneqRagregnvazrag.UrebrfBsGurFgbez.UrebrfBsGurFgbez 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\Oyvmmneq Vafgnyyre Obbgfgenc - 0r9286n6\Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\IGEbbg\UneqqvfxIbyhzr4\FgnePensg\FgnePensg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\Qbjaybnqre_Jnepensg3_Ervta_bs_Punbf_raTO.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\Oyvmmneq Vafgnyyre Obbgfgenc - 0rp4p513\Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\vafgnyyre\Jnepensg VVV 1.21o EBP Vafgnyyre raTO\Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\Oyvmmneq Vafgnyyre Obbgfgenc - 0rp77128\Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\Qbjaybnqre_Jnepensg3_Gur_Sebmra_Guebar_raTO(1).rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\Oyvmmneq Vafgnyyre Obbgfgenc - 0rpq61q9\Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Jnepensg VVV\Jnepensg VVV.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\abgrcnq.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Oybool Ibyyrl 2 Irefvba 1.0\oybool.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@R:\frghc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\SynfuCynlreNcc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\HaernyGbheanzrag\Flfgrz\HaernyGbheanzrag.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@R:\NBRFRGHC.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\Sbaqhr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntr bs Rzcverf\Rzcverf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\BcgvbanySrngherf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.PbagebyCnary.Gnfxone 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\QZE\qze_72.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\VFB Jbexfubc\vfbjbexfubc_5.8.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\VFB Jbexfubc\VFBJbexfubc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\VFB Jbexfubc\VFBGbbyf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@T:\NBRFRGHC.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\gnfxubfg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\vafgnyyre\FrghcIveghnyPybarQevir547.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Iveghny Pybar Qevir\IveghnyPybarQevir\IPQCersf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfvasb32.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\FgnePensg\FgnePensg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Iveghny Pybar Qevir\IveghnyPybarQevir\IPQZbhag.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\GenpxZnavn-Angvbaf-Sberire-yafgnyy.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\por8sq0n95o2s3s5r1289120q28p899s\znvypurpx_ss_2014_12_02_fcf_qff_xv20201.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\gzangvbafsberire_frghc.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\GzAngvbafSberire\GzSberireYnhapure.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\GzAngvbafSberire\GzSberire.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Qvnoyb\Qvnoyb.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{5SQ1104Q-POS2-Q262-Q5QO-147Q637R343O} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\QrivprCebcregvrf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zzp.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@R:\NHGBEHA.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfqg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{6Q809377-6NS0-444O-8957-N3773S02200R}\Jvaqbjf Znvy\jno.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@PynffvpFuryy.PynffvpRkcybere.Frggvatf 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{S1SO2R9P-1391-5P13-O5O5-P943O1RP3SQ1} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{Q20044S7-O868-508O-OO38-P51N0P9Q1033} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@OyvmmneqRagregnvazrag.FgnePensgVV.FgnePensgVV 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\grnzfcrnx3-freire_jva64\gf3freire_jva64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\SEVGM_Obk-Sreamhtnat_rvaevpugra.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\sevgmobksreamhtnat\ICANqzva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{6Q809377-6NS0-444O-8957-N3773S02200R}\Zvpebfbsg Zbhfr naq Xrlobneq Pragre\vglcr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\dhnxr\xb3\dhnxr3.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\FgnePensg VV\FgnePensg VV.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\FgnePensg VV\Fhccbeg\OyvmmneqReebe.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\NVE4314.gzc\Nqbor NVE Vafgnyyre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\HaernyGbheanzrag\Flfgrz\GnpgvpnyBcf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Grnz Sbegerff 2\uy2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\~afh.gzc\Nh_.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{6R315QR9-O2P2-5SSN-96QP-04Q6RQ1PS020} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\QGYvgr501-0406.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\QNRZBA Gbbyf Yvgr\OV1.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\QNRZBA Gbbyf Yvgr\QGYvgr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@U:\NBRFRGHC.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\ROHRNP2.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@U:\NBPFRGHC.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\ROHNR3.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntr bs Rzcverf 2\bcgvbany 1.0p cngpu\ntr20Pcngpu.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntrbs Rzcverf 2\NbSR_Ynhapure.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntrbs Rzcverf 2\7mn.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntrbs Rzcverf 2\ntr2_k1\SvkNbSR.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntrbs Rzcverf 2\ntr2_k1\ntr2_k2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuHgvy32_16_0_0_305_Cyhtva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@OyvmmneqRagregnvazrag.FgnePensgVV.FgnePensgVVRqvgbe 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{6Q809377-6NS0-444O-8957-N3773S02200R}\Ernygrx\Nhqvb\UQN\EgxATHV64.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\FgnePensg VV\Irefvbaf\Onfr32283\FP2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\ZvpebfbsgSvkvg.UbzrTebhc.Eha.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\freivprf.zfp 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{S589OQ18-SR41-556N-N82P-PO77R4067QN1} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Fcbgvsl\Hcqngr\fcbgvsl_vafgnyyre-1.0.3.101.tosn97qsr-48.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\vGharf\vGharfUrycre.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\zfpbasvt.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuCynlreCyhtva_17_0_0_169.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Fcbgvsl\Hcqngr\fcbgvsl_vafgnyyre-1.0.4.90.t0o6qs40o-9.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{6Q809377-6NS0-444O-8957-N3773S02200R}\PBZBQB\PBZBQB Vagrearg Frphevgl\pvf.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\ygfcvprvi.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\ygfcvpr\fpnq3.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Nqbor\Ernqre 11.0\Ernqre\NpebEq32.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\Znpebzrq\Synfu\SynfuHgvy32_17_0_0_169_Cyhtva.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{267Q19P5-S391-550O-O7O6-R99S17928O85} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Fcbgvsl\Hcqngr\fcbgvsl_vafgnyyre-1.0.5.186.tn9p24q6n-17.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Gur Jvgpure 3\ova\k64\jvgpure3.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Fcbgvsl\Hcqngr\fcbgvsl_vafgnyyre-1.0.6.80.t2n801n53-61.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\RnfrBsNpprffQvnybt.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\Qbjaybnqf\synfucynlre17nh_tq_vafgnyy.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Pbzzba Svyrf\Nqbor\NEZ\1.0\NqborNEZ.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\THZ3N78.gzc\TbbtyrHcqngr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Tbbtyr\Hcqngr\TbbtyrHcqngr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Puebzr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Tbbtyr\Puebzr\Nccyvpngvba\43.0.2357.81\qryrtngr_rkrphgr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.QFHV.Qrivpr.{88P317P4-11S3-11R5-OS16-NP220O78ORN7} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.Jvaqbjf.QrsnhygCebtenzf 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\efgehv.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Zvpebfbsg.NhgbTrarengrq.{SNN5Q6SP-291R-O340-7016-6305R9OO15OO} 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Ntrbs Rzcverf 2\HAVAFGNYK.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\ertrqvg.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Cbegny\uy2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\AIVQVN Pbecbengvba\AIVQVN TrSbepr Rkcrevrapr\YnhapuTSRkcrevrapr.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Obeqreynaqf 2\Ovanevrf\Erqvfg\iperqvfg_2005_k86.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\VKC000.GZC\IPERQV~1.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Obeqreynaqf 2\Ovanevrf\Erqvfg\iperqvfg_2005_ngy_k86.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Grzc\VKC000.GZC\IPERQV~3.RKR 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Obeqreynaqf 2\Ovanevrf\Jva32\Ynhapure.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Obeqreynaqf 2\Ovanevrf\Jva32\Obeqreynaqf2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@Q:\Fgrnz\FgrnzNccf\pbzzba\Cbegny 2\cbegny2.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count@{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\creszba.rkr 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@HRZR_PGYPHNPbhag:pgbe 0xFF 0xFF 0xFF 0xFF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Vagrearg Rkcybere.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Zbmvyyn Sversbk.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zbmvyyn Sversbk.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Fcbgvsl.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Zvpebfbsg\Jvaqbjf\Nccyvpngvba Fubegphgf\Zvpebfbsg.OvatFcbegf_8jrxlo3q8oojr\NccrkFcbegf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Zvpebfbsg\Jvaqbjf\Nccyvpngvba Fubegphgf\Zvpebfbsg.KobkYVIRTnzrf_8jrxlo3q8oojr\Zvpebfbsg.KobkYVIRTnzrf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Flfgrz Gbbyf\Pbzznaq Cebzcg.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Qrfxgbc.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Zvpebfbsg\Jvaqbjf\Nccyvpngvba Fubegphgf\Zvpebfbsg.FxlcrNcc_xms8dks38mt5p\Ncc.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\GnfxOne\Zbmvyyn Sversbk.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\GrnzFcrnx 3 Pyvrag.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Zvpebfbsg\Jvaqbjf\Nccyvpngvba Fubegphgf\zvpebfbsg.jvaqbjfpbzzhavpngvbafnccf_8jrxlo3q8oojr\Zvpebfbsg.JvaqbjfYvir.Znvy.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\TrSbepr Rkcrevrapr.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\NccQngn\Ybpny\Zvpebfbsg\Jvaqbjf\Nccyvpngvba Fubegphgf\Zvpebfbsg.MharIvqrb_8jrxlo3q8oojr\Zvpebfbsg.MharIvqrb.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Onggyr.arg.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Onggyr.arg\Onggyr.arg.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\BcraBssvpr 4.0.1.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\IYP zrqvn cynlre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Jvaqbjf Zrqvn Cynlre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Freivvb\Freivvb Pbafbyr.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Fperra Pncghere Erpbeqre\hfr\oebnqpnfg\fgernz qrfxgbc ybpny YNA.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\BcraBssvpr 4.0.1\BcraBssvpr Jevgre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\BcraBssvpr 4.0.1\BcraBssvpr Pnyp.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Fcbgvsl.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Npprffbevrf\Cnvag.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Vzntr Jevgre\Jva32QvfxVzntre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\FQSbeznggre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\FQSbeznggre\FQSbeznggre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Fgrnz.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Cubgb Tnyyrel.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\BcraBssvpr 4.0.1\BcraBssvpr Qenj.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Pnaba ZT5300 frevrf Znahny\Pnaba ZT5300 frevrf Bayvar-Unaqohpu.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Fvzhyngvbapensg(k64).yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Cynl Yrnthr bs Yrtraqf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Jnepensg Ybtf Hcybnqre.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Cbjre Gno Fbsgjner\Cbjre Gno Rqvgbe\CQS Uryc Svyr.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Choyvp\Qrfxgbc\Jnepensg VVV.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Oybool Ibyyrl 2 Irefvba 1.0\Oybool Ibyyrl 2 Irefvba 1.0.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\HaernyGbheanzrag - Irexaücshat.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Zvpebfbsg Tnzrf\Ntr bs Rzcverf\Ntr bs Rzcverf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\Ntr bs Rzcverf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Rynobengr Olgrf\IveghnyPybarQevir\Iveghny PybarQevir.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\FgnePensg - Oebbq Jne.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\HaernyGbheanzrag.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Qvnoyb\Qvnoyb.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\Qvnoyb.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Qvnoyb\Havafgnyy Qvnoyb.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\Pbzchgre Znantrzrag.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\Oybool Ibyyrl 2 Irefvba 1.0.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\Jnepensg VVV.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\SEVGM!Sreamhtnat\SEVGM!Sreamhtnat rvaevpugra.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\FgnePensg VV.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\Dhnxr 3.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\Tnzrf\NbR2.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Nqzvavfgengvir Gbbyf\freivprf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@P:\Hfref\Orpxm\Qrfxgbc\YGfcvpr VI.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\Flfgrz Gbbyf\Qrsnhyg Cebtenzf.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count@{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\AIVQVN Pbecbengvba\TrSbepr Rkcrevrapr.yax 0x2A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}@Version 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}\Count
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}\Count@HRZR_PGYFRFFVBA 0x2A 0x00 0x00 0x00 ...
|
|
16.06.2015, 16:47
| #13 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache und das letzte: Code:
ATTFilter Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMEnabled
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMEnabled@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\Themes
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\Themes@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation@DefaultApplied 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Colors
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Colors@ 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID2 AagfG8BARHQ1fP6IDHABAAAAAAwvBAAAxMFUTVQ1NXNnusBETeJCAsCL576IBAAASAAAAAQQAUHA0BwbAwEApBwcAQHAAAgQAAAAeAAAAAHAyBwbAAHA0AgMAkDA0AQOAYDA3AgMAkDA1AAAAAAAaDAAA4apOhT4tqoTKu5eqj3/xnuBAAAgAAAAAEAAAAgAAAAgBAAAAEAAAAQAAAAABAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAABAAAAGAAAAABAkGA0BQZA0GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4hGe/XMLWaSTi7ahzk+JN0///////////////PAAAAABAAAAcAAEBQZAMHArBAdA8GAwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOAAAAkAAAAAQQAUHA0BwbAwGApBwcAQHADBQYAMGAoBQZAQFApBQbAUGAAAAFAAAA+7/7h41AAAwRAAAAiAAAAAQQAUHA0BwbAwGApBwcAQHADBQYAMGAoBQZAsEAlBQeAAAAfAAAAkAAAAARAUGAzBwaAQHAvBAcAADAAAAAAAAAAAAAAAAAAAAdaklXW+90I14ZXMDvujiuntxcEMT2KUEkmrUzuQJC+fIBAAAEA8uvBAAAAUHBAAQcEAAAxMFUTVQ1NXNnusBETeJCAsCL57aIAAAAQAAAAAwSAUGA5BgOAAFAJBARAAAATAAAAQGAAAQeDAAAUAAAAAwQA8GAuBAZAkGA0BQaA8GAuBAAAIEAAAgHAAAAwBgcA8GAwBANAIDA5AANAkDA2AwNAIDA5AQNAAAAAAwLDAAAT04bR4BEl+EhU/vg5hTG1AAAAAQAAAAALAAAAkIXxL1FaFOS72sRjiPn8JMAAAAAgr1zBp19GgUvHm1xZTij5SGAAAwCAAAAfAgBAAAAqAgLAoGAwBwZAAAAAAQAAAAAAAAAJyV8SdhWhj0uNb0o4zJfCDA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID1 3dgMA8BRHpxAZJ3PnSUiFXVl+vGMu7BAAAQJA8uvQAAAAU4TIZ2BX7cAo2KPerLqPHAFAIIA0BAHAMkRTZkFAEDAAAAAAE2QZymEAEEcwRUY0FGAAAAdaklXW+90I14ZXMDvujiuF3s+f/5ZWFUiHV8xrBst/BEAJAABA8uvhNklsF2QZymLAAAAhxJBAAAADAAAAAAAAAAAAAAAAAAAAoYo0AQQAAHAwBARAEGA0BQYAAAACBAUAEDAAAAAA4JRPDJEAw0bjFGbAwDAJAABA8uvhNkls5JRPDpLAAAACyJBAAAADAAAAAAAAAAAAAAAAAAAAIZ89AATA8GAjBQYAwGAAAAFAwFAxAAAAAAA+RExsBBANl0QS90U+FDAAQEAJAABA8uvhNkls5HREzmLAAAAHyJBAAAADAAAAAAAAAAAAAAAAAAAAAJncBQTAkGAjBgcA8GAzBwbAYGA0BAAAgBAWBQMAAAAAAA+EZRlQAwVp5GZvd3cAAEAJAABA8uvhNklshPRWUpLAAAAVUMBAAAAEAAAAAAAAAAAAAAAAAAAAgscLBwVAkGAuBAZA8GA3BwcAAAAWAAVAEDAAAAAAI2QZCFEAQFal1WZzBAA+AQCAQAAv7rXDpdiiNUmQ5CAAAgLPAAAAAgAAAAAAAAAAAAAAAAAAAAATzZ8AQFAoBQZA0GAlBwcAAAAWAAZAEDAAAAAAoPRXMFEAAVQO9kUB5nMAAATAkAAEAw7+qPRXMl+EdxUuAAAAUGcAAAAAkAAAAAAAAAAAAAAAAAAAAwnDqNAQBQYA4GAvBgcAEGAtBQaAMGAgAAKAIDApAAAAgBAHUQMAAAAAAg+EdxUQAARFN1SU9kfxAAAUBQCAQAAv7r+EdxU6T0FT5CAAAwZwBAAAAwBAAAAAAAAAAAAAAAAAAAAgJ5sAQEAlBwcAsGA0BwbAAHACBQYAMGArBwZAIHAvBQdA4GAkBAAAgBAbSAAAABAv7bAAAAAJSAAAUIBAAQMTB1UFUdzVzpLbAxkXiA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID3 vdgMA8BRHpxAZJ3PnSUiFXVl+vGMu7BAAAQJA8uvQAAAAU4TIZ2BX7cAem9Re2cWQHAFAIIA0BAHAMkRTZkFAEDAAAAAAE2QZymEAEEcwRUY0FGAAAAdaklXW+90I14ZXMDvujiuF3s+f/5ZWFUiHV8xrBst/BEAJAABA8uvhNklsF2QZymLAAAAhxJBAAAADAAAAAAAAAAAAAAAAAAAAoYo0AQQAAHAwBARAEGA0BQYAAAACBAUAEDAAAAAAgmRHuIEAw0bjFGbAwDAJAABA8uvhNklshmRHuoLAAAACyJBAAAADAAAAAAAAAAAAAAAAAAAAkS9rAATA8GAjBQYAwGAAAAFAwFAxAAAAAAA+RExsBBANl0QS90U+FDAAQEAJAABA8uvhNkls5HREzmLAAAAHyJBAAAADAAAAAAAAAAAAAAAAAAAAAJncBQTAkGAjBgcA8GAzBwbAYGA0BAAAgBAWBQMAAAAAAAaGJTrQAwVp5GZvd3cAAEAJAABA8uvhNklshmRy0qLAAAAVUMBAAAAEAAAAAAAAAAAAAAAAAAAAEuoRBwVAkGAuBAZA8GA3BwcAAAAWAAVAEDAAAAAAERRdOGEAQFal1WZzBAA+AQCAQAAv7rXDpdiRUUnj5CAAAgLPAAAAAgAAAAAAAAAAAAAAAAAAAAAjQBxAQFAoBQZA0GAlBwcAAAAWAAXAEDAAAAAAERRdOGEA4USHhEVG5XMAAARAkAAEAw7+GRRdOWEF15YuAAAAwCMAAAAAcCAAAAAAAAAAAAAAAAAAAQ968BAOBQaAcGAoBAdAYGAhBAbAwGAAAAGAcQBxAAAAAAARUUnjBBAEV0ULR1T+FDAAQFAJAABA8uvRUUnjFRRdOmLAAAA6+GAAAAApAAAAAAAAAAAAAAAAAAAAc/2xAARAUGAzBwaAQHAvBAcAIEAhBwYAsGAnBgcA8GA1BgbAQGAAAAGAsJBAAAEA8uvBAAAAkIBAAQhEAAAxMFUTVQ1NXNnusBETeJCAsCL57aIAAA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images@ID0 vdgMA8BRHpxAZJ3PnSUiFXVl+vGMu7BAAAQJA8uvQAAAAU4TIZ2BX7cAZ9bzvLguPHAFAIIA0BAHAMkRTZkFAEDAAAAAAE2QZymEAEEcwRUY0FGAAAAdaklXW+90I14ZXMDvujiuF3s+f/5ZWFUiHV8xrBst/BEAJAABA8uvhNklsF2QZymLAAAAhxJBAAAADAAAAAAAAAAAAAAAAAAAAoYo0AQQAAHAwBARAEGA0BQYAAAACBAUAEDAAAAAAERRxHGEAw0bjFGbAwDAJAABA8uvhNklsFRRxHmLAAAACyJBAAAADAAAAAAAAAAAAAAAAAAAAkO/4BATA8GAjBQYAwGAAAAFAwFAxAAAAAAA+RExsBBANl0QS90U+FDAAQEAJAABA8uvhNkls5HREzmLAAAAHyJBAAAADAAAAAAAAAAAAAAAAAAAAAJncBQTAkGAjBgcA8GAzBwbAYGA0BAAAgBAWBQMAAAAAAQEFhpYQAwVp5GZvd3cAAEAJAABA8uvhNklsFRRYKmLAAAAVUMBAAAAEAAAAAAAAAAAAAAAAAAAAMMbZBwVAkGAuBAZA8GA3BwcAAAAWAAVAEDAAAAAAoPRXMFEAQFal1WZzBAA+AQCAQAAv7rXDpdi6T0FT5CAAAgLPAAAAAgAAAAAAAAAAAAAAAAAAAAAfOo2AQFAoBQZA0GAlBwcAAAAWAAXAEDAAAAAAERRdOGEA4USHhEVG5XMAAARAkAAEAw7+GRRdOWEF15YuAAAAwCMAAAAAcCAAAAAAAAAAAAAAAAAAAwIUQMAOBQaAcGAoBAdAYGAhBAbAwGAAAAGAcQBxAAAAAAARUUnjBBAEV0ULR1T+FDAAQFAJAABA8uvRUUnjFRRdOmLAAAA6+GAAAAApAAAAAAAAAAAAAAAAAAAA4qRgCARAUGAzBwaAQHAvBAcAIEAhBwYAsGAnBgcA8GA1BgbAQGAAAAGAsJBAAAEA8uvBAAAAkIBAAQhEAAAxMFUTVQ1NXNnusBETeJCAsCL57aIAAA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@MRUListEx 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@0 0x53 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@1 0x61 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@2 0x61 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@3 0x61 0x00 0x72 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@4 0x74 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@5 0x73 0x00 0x74 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@6 0x2A 0x00 0x2E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@7 0x2A 0x00 0x2E 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@8 0x59 0x00 0x75 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count 474
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count 474
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xB0 0xC8 0x1A 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE@Persistent 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@DisplayName Computer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@PMDisplayName Computer [Protected Mode]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@Description Your computer
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@Icon shell32.dll#0016
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@LowIcon inetcpl.cpl#005422
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@Flags 33
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@1200 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0@1400 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@DisplayName Local intranet
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@PMDisplayName Local intranet [Protected Mode]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@Description This zone contains all Web sites that are on your organization's intranet.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@Icon shell32.dll#0018
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@LowIcon inetcpl.cpl#005423
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@1200 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@1400 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1@Flags 219
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@DisplayName Trusted sites
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@PMDisplayName Trusted sites [Protected Mode]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@Description This zone contains Web sites that you trust not to damage your computer or data.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@Icon inetcpl.cpl#00004480
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@LowIcon inetcpl.cpl#005424
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@Flags 33
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@1200 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2@1400 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@DisplayName Internet
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@PMDisplayName Internet [Protected Mode]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@Description This zone contains all Web sites you haven't placed in other zones
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@Icon inetcpl.cpl#001313
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@LowIcon inetcpl.cpl#005425
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@Flags 33
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@1200 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3@1400 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@DisplayName Restricted sites
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@PMDisplayName Restricted sites [Protected Mode]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@Description This zone contains Web sites that could potentially damage your computer or data.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@Icon inetcpl.cpl#00004481
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@LowIcon inetcpl.cpl#005426
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@Flags 33
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@1200 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4@1400 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xFD 0x0D 0xE6 0x13 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xFD 0x0D 0xE6 0x13 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xFD 0x0D 0xE6 0x13 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xFD 0x0D 0xE6 0x13 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xCB 0x33 0xD6 0xC9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 15
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xA6 0x32 0xE4 0x44 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Consent
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Consent@DefaultConsent 3
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_version_logging._2966219cf1811d3244c49561a4ec9ae1e9cecf65_bf51c98c_20bd36c2
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x62 0x05 0x0D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0x8E 0x06 0x10 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Hangs
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Hangs\NHRTimes
---- EOF - GMER 2.1 ----
|
|
17.06.2015, 15:17
| #14 |
| /// the machine /// TB-Ausbilder | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.06.2015, 17:57
| #15 |
| | Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache Hallo schrauber, Das JRT Logfile war nicht auf dem Desktop sondern in C:\VTRoot\HarddiskVolume2\Users\Beckz\Desktop. MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.06.2015 Suchlauf-Zeit: 17:49:12 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.17.03 Rootkit Datenbank: v2015.06.15.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Beckz Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 460562 Verstrichene Zeit: 7 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 3 PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [9235209b5f2bf343ff20948d62a2738d], PUP.Optional.InstallCore.C, HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\SOFTWARE\InstallCore, In Quarantäne, [14b382390c7e91a5672e1d73b84d32ce], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [2e99eecd0189280e5cc2160b37cd748c], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 1 PUP.Optional.SystemSpeedup, C:\Users\Beckz\AppData\Roaming\Systweak\ssd, In Quarantäne, [86410ead404a20162bfcddf52dd617e9], Dateien: 6 PUP.Optional.DownloadGuide.A, C:\ProgramData\COMODO\Cis\Quarantine\data\{C6651683-AE7D-4BED-9D53-280F9131F2FD}, In Quarantäne, [cafd4279f496b2846566b1b7c33f52ae], PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, In Quarantäne, [973015a6157547ef4707acd523e3bb45], PUP.Optional.Somoto.SID.A, C:\Users\Beckz\AppData\Local\Temp\nsn4FD3.tmp, In Quarantäne, [97303784206a092d3c3e2e5346c003fd], PUP.Optional.Mypcbackup, C:\Users\Beckz\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [d9eed7e4365406308728d3ae8383ff01], PUP.Optional.Giga, C:\Users\Beckz\Downloads\TrackMania-Nations-Forever-lnstall.exe, In Quarantäne, [cef94f6cdbaf43f35f0a34eba561ca36], PUP.Optional.SystemSpeedup, C:\Users\Beckz\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [86410ead404a20162bfcddf52dd617e9], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 18:02:34
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Beckz - CHRIS
# Gestarted von : C:\Users\Beckz\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Beckz\AppData\Roaming\Systweak
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKU\.DEFAULT\Software\GeekBuddyRSP
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v38.0.5 (x86 de)
[qkya3p82.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
-\\ Google Chrome v43.0.2357.124
*************************
AdwCleaner[R0].txt - [1471 Bytes] - [17/06/2015 18:00:56]
AdwCleaner[R1].txt - [1530 Bytes] - [17/06/2015 18:01:54]
AdwCleaner[S0].txt - [1362 Bytes] - [17/06/2015 18:02:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1421 Bytes] ##########
[/CODE] JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Beckz on 17.06.2015 at 18:05:44,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_349381C3921A743EC7E4CD3155ACD016
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
~~~ Chrome
[C:\Users\Beckz\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Beckz\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Beckz\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Beckz\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2015 at 18:47:15,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Beckz (administrator) on CHRIS on 17-06-2015 18:50:58
Running from C:\Users\Beckz\Desktop
Loaded Profiles: Beckz (Available Profiles: Beckz & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Beckz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-09] (COMODO)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [2860080 2015-06-02] (Blizzard Entertainment)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Spotify Web Helper] => C:\Users\Beckz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [Spotify] => C:\Users\Beckz\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-31] (Spotify Ltd)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\Run: [GoogleChromeAutoLaunch_349381C3921A743EC7E4CD3155ACD016] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-10] (Google Inc.)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {37f5a09d-cedc-11e4-bf08-ac220b78bea7} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {6dc50353-cb03-11e4-bf05-ac220b78bea7} - "E:\SETUP.EXE"
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\...\MountPoints2: {fdbfa1bc-4185-11e3-be83-ac220b78bea7} - "L:\LaunchU3.exe" -a
Startup: C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-11-27] ()
Startup: C:\Users\Beckz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Beckz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Beckz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1551654986-3807097994-1316783454-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2014-03-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2014-03-30] (Oracle Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E03971CE-16A2-4630-A618-CDA4E8760159}: [NameServer] 156.154.70.25,156.154.71.25
FireFox:
========
FF ProfilePath: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> D:\java\bin\plugin2\npjp2.dll [2014-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-01] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-17] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1551654986-3807097994-1316783454-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-17] (Pando Networks)
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\dictcc.xml [2014-01-21]
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\wowhead.xml [2013-12-26]
FF SearchPlugin: C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\searchplugins\youtube-videosuche.xml [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Beckz\AppData\Roaming\Mozilla\Firefox\Profiles\uwaxteab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-05]
Chrome:
=======
CHR Profile: C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
CHR Extension: (YouTube) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
CHR Extension: (Google Search) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (AdBlock) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
CHR Extension: (Google Wallet) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-07]
CHR Extension: (Gmail) - C:\Users\Beckz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-04] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-09] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-09] (COMODO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-06-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-13] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-08] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-21] (Disc Soft Ltd)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-06-01] (NVIDIA Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-17 18:50 - 2015-06-17 18:50 - 00019473 _____ C:\Users\Beckz\Desktop\FRST.txt
2015-06-17 18:47 - 2015-06-17 18:47 - 00001231 _____ C:\Users\Beckz\Desktop\JRT.txt
2015-06-17 18:04 - 2015-06-17 18:04 - 02949914 _____ (Thisisu) C:\Users\Beckz\Desktop\JRT.exe
2015-06-17 18:03 - 2015-06-17 18:03 - 00001501 _____ C:\Users\Beckz\Desktop\AdwCleaner[S0].txt
2015-06-17 18:00 - 2015-06-17 18:02 - 00000000 ____D C:\AdwCleaner
2015-06-17 18:00 - 2015-06-17 18:00 - 02231296 _____ C:\Users\Beckz\Desktop\AdwCleaner_4.206.exe
2015-06-17 18:00 - 2015-06-17 18:00 - 00002452 _____ C:\Users\Beckz\Desktop\mbam.txt
2015-06-17 17:48 - 2015-06-17 17:59 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 17:48 - 2015-06-17 17:48 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-17 17:48 - 2015-06-17 17:48 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-17 17:48 - 2015-06-17 17:48 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-17 17:48 - 2015-06-17 17:48 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-17 17:48 - 2015-06-17 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-17 17:48 - 2015-06-17 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-17 17:48 - 2015-06-17 17:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-17 17:47 - 2015-06-17 17:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Beckz\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-16 00:04 - 2015-06-16 00:04 - 00074388 _____ C:\Users\Beckz\Downloads\Logfiles.zip
2015-06-15 23:03 - 2015-06-17 18:04 - 00000000 ____D C:\Users\Beckz\Desktop\Neuer Ordner
2015-06-15 23:03 - 2015-06-15 23:03 - 00380416 _____ C:\Users\Beckz\Desktop\Gmer-19357.exe
2015-06-15 22:57 - 2015-06-17 18:50 - 00000000 ____D C:\FRST
2015-06-15 22:57 - 2015-06-15 22:57 - 02109952 _____ (Farbar) C:\Users\Beckz\Desktop\FRST64.exe
2015-06-15 22:57 - 2015-06-15 22:57 - 00000472 _____ C:\Users\Beckz\Desktop\defogger_disable.log
2015-06-15 22:57 - 2015-06-15 22:57 - 00000000 _____ C:\Users\Beckz\defogger_reenable
2015-06-15 22:56 - 2015-06-15 22:56 - 00050477 _____ C:\Users\Beckz\Desktop\Defogger.exe
2015-06-14 22:03 - 2015-06-14 22:05 - 81179244 _____ C:\Users\Beckz\Downloads\SpackoDeluxeProduction.mov
2015-06-14 21:31 - 2015-06-14 21:39 - 371449164 _____ C:\Users\Beckz\Downloads\Alex_Julinane_Lied.mov
2015-06-14 21:30 - 2015-06-14 21:30 - 17319145 _____ C:\Users\Beckz\Downloads\Steffi 2.MOV
2015-06-14 21:30 - 2015-06-14 21:30 - 17275693 _____ C:\Users\Beckz\Downloads\Steffi 1.MOV
2015-06-14 21:29 - 2015-06-14 21:29 - 01603605 _____ C:\Users\Beckz\Downloads\Maesi.mp4
2015-06-14 21:28 - 2015-06-14 21:29 - 45734639 _____ C:\Users\Beckz\Downloads\Josef.mov
2015-06-14 21:28 - 2015-06-14 21:28 - 02250189 _____ C:\Users\Beckz\Downloads\Dirko.mp4
2015-06-14 00:09 - 2015-06-14 00:09 - 00000046 _____ C:\WINDOWS\wininit.ini
2015-06-09 19:30 - 2015-06-09 19:30 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 19:30 - 2015-06-09 19:30 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 19:30 - 2015-06-09 19:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 19:30 - 2015-06-09 19:30 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 19:30 - 2015-06-09 19:30 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 19:30 - 2015-06-09 19:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 19:30 - 2015-06-09 19:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 19:30 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 19:30 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 19:30 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 19:30 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 19:30 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 14:00 - 2015-06-09 14:00 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2015-06-07 19:52 - 2015-06-17 18:03 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 19:52 - 2015-06-17 17:58 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 19:52 - 2015-06-10 19:58 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 19:52 - 2015-06-07 19:52 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-07 19:52 - 2015-06-07 19:52 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\Users\Beckz\AppData\Local\Google
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-07 19:52 - 2015-06-07 19:52 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-07 19:51 - 2015-06-07 19:51 - 00931408 _____ (Google Inc.) C:\Users\Beckz\Downloads\ChromeSetup.exe
2015-06-07 11:14 - 2015-06-07 11:14 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-03 16:04 - 2015-06-13 23:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 20:39 - 2015-06-01 20:39 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-01 20:37 - 2015-06-01 20:39 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-01 20:37 - 2015-06-01 20:39 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-01 20:37 - 2015-06-01 20:38 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-01 20:37 - 2015-06-01 20:38 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-01 20:37 - 2015-05-28 09:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-01 20:27 - 2015-06-01 20:28 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-01 20:27 - 2015-06-01 20:28 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-01 19:11 - 2015-06-01 19:11 - 00000000 ____D C:\Users\Beckz\AppData\Local\GWX
2015-06-01 14:51 - 2015-06-01 14:51 - 00000000 ____D C:\Users\Gast\AppData\Local\GWX
2015-05-24 15:23 - 2015-06-15 21:57 - 00000000 ____D C:\Users\Beckz\Documents\The Witcher 3
2015-05-24 15:23 - 2015-05-24 15:23 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-05-24 15:23 - 2015-05-24 15:23 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2015-05-24 15:23 - 2015-05-24 15:23 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-05-24 15:23 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-05-24 15:22 - 2015-05-24 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-24 14:07 - 2015-05-24 14:07 - 00000000 ____D C:\Users\Beckz\AppData\Local\openvr
2015-05-20 21:00 - 2015-05-20 21:00 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 21:00 - 2015-05-20 21:00 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 20:37 - 2015-05-20 21:07 - 670563043 _____ C:\Users\Beckz\Downloads\retropie-v3.0beta2-rpi1.img.gz
2015-05-19 20:19 - 2015-05-19 20:19 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-19 20:19 - 2015-05-19 20:19 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-19 20:19 - 2015-05-19 20:19 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-19 20:19 - 2015-05-19 20:19 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-19 20:19 - 2015-05-19 20:19 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-17 18:50 - 2014-03-23 10:13 - 00811364 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-17 18:49 - 2014-03-28 17:17 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\ClassicShell
2015-06-17 18:47 - 2013-10-30 19:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1551654986-3807097994-1316783454-1002
2015-06-17 18:43 - 2014-02-09 14:47 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-17 18:17 - 2013-11-01 02:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-17 18:14 - 2013-11-01 15:34 - 01247565 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-17 18:10 - 2013-09-30 06:14 - 02132518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-17 18:10 - 2013-09-30 05:56 - 01026792 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-17 18:10 - 2013-09-30 05:56 - 00245954 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-17 18:03 - 2014-03-12 23:57 - 00000000 ___RD C:\Users\Beckz\Dropbox
2015-06-17 18:03 - 2014-03-12 23:56 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\Dropbox
2015-06-17 18:03 - 2014-02-26 20:19 - 00000000 ____D C:\Users\Beckz\AppData\Local\Battle.net
2015-06-17 18:03 - 2013-11-27 19:22 - 00000000 ____D C:\Users\Beckz\AppData\Local\Deployment
2015-06-17 18:03 - 2013-11-01 15:46 - 00000000 __RDO C:\Users\Beckz\SkyDrive
2015-06-17 18:03 - 2013-11-01 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-17 18:03 - 2013-10-30 23:23 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\Spotify
2015-06-17 18:03 - 2013-10-30 23:23 - 00000000 ____D C:\Users\Beckz\AppData\Local\Spotify
2015-06-17 18:03 - 2013-09-29 21:04 - 00034040 _____ C:\WINDOWS\PFRO.log
2015-06-17 18:03 - 2013-08-22 16:46 - 00376208 _____ C:\WINDOWS\setupact.log
2015-06-17 18:03 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-17 18:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-17 18:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-17 18:01 - 2013-11-01 15:49 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1BF39C4A-C4D8-45CF-A922-6C4F99F1E3A6}
2015-06-15 23:38 - 2013-11-06 21:50 - 00002648 _____ C:\Users\Beckz\Desktop\Neues Textdokument.txt
2015-06-15 22:57 - 2013-11-01 15:36 - 00000000 ____D C:\Users\Beckz
2015-06-15 22:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 21:12 - 2015-03-15 04:14 - 00000000 ____D C:\Users\Beckz\Desktop\Games
2015-06-14 22:12 - 2014-08-17 14:40 - 00000000 ____D C:\Users\Beckz\Documents\my games
2015-06-14 00:11 - 2015-03-19 21:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-14 00:11 - 2013-11-01 15:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-14 00:09 - 2014-02-09 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-06-13 23:34 - 2013-10-30 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 23:34 - 2013-08-22 16:44 - 00373232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 23:33 - 2014-12-12 00:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 23:33 - 2014-07-10 00:29 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 23:33 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 23:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 23:30 - 2013-10-30 23:23 - 00002051 _____ C:\Users\Beckz\Desktop\Spotify.lnk
2015-06-13 14:26 - 2013-09-24 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-13 14:26 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 14:22 - 2013-09-24 13:10 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-09 19:30 - 2013-09-30 06:10 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-09 19:30 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:30 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 19:28 - 2014-04-17 16:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ClassicShell
2015-06-07 11:14 - 2015-02-08 12:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-05 15:36 - 2013-11-14 12:38 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-05 15:36 - 2013-09-24 11:54 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-06-05 15:34 - 2013-11-14 12:38 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-06-05 15:34 - 2013-09-24 11:53 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-06-05 15:34 - 2013-09-24 11:53 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-06-05 15:33 - 2013-09-24 11:53 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-06-05 15:32 - 2013-09-24 11:53 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-06-05 15:31 - 2013-09-24 11:53 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-06-05 15:31 - 2013-09-24 11:53 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-06-04 21:15 - 2013-11-01 02:01 - 00000000 ____D C:\Users\Beckz\AppData\Local\Adobe
2015-06-04 21:14 - 2013-11-01 02:03 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-03 23:04 - 2014-07-02 17:56 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-03 23:04 - 2014-07-02 17:56 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-03 23:04 - 2013-12-17 23:18 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-03 23:04 - 2013-12-17 23:18 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-01 20:39 - 2014-07-24 20:38 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-01 20:39 - 2013-10-10 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 20:38 - 2014-08-17 18:16 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-01 20:38 - 2014-08-17 18:16 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-01 20:38 - 2013-11-01 15:34 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-01 20:38 - 2013-11-01 15:34 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-01 20:38 - 2013-11-01 15:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-01 20:38 - 2013-10-27 10:12 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-01 20:38 - 2013-10-27 10:12 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-01 20:38 - 2013-10-10 09:35 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-01 20:38 - 2013-10-10 09:35 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-01 20:28 - 2013-10-10 09:35 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-01 14:58 - 2013-10-31 21:25 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-05-28 09:04 - 2013-10-27 10:12 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-05-28 06:15 - 2013-11-01 15:34 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-28 06:15 - 2013-11-01 15:34 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-27 12:48 - 2013-11-01 15:34 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-05-24 15:23 - 2014-04-06 11:05 - 00000000 ____D C:\Users\Beckz\AppData\Roaming\NVIDIA
2015-05-24 15:22 - 2013-09-30 10:50 - 00149954 _____ C:\WINDOWS\DirectX.log
2015-05-21 23:13 - 2014-03-19 21:39 - 00140800 ___SH C:\Users\Beckz\Desktop\Thumbs.db
2015-05-21 18:22 - 2013-11-26 19:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-21 18:22 - 2013-11-26 19:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 23:17 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-20 23:17 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-20 20:57 - 2015-04-07 19:37 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 20:57 - 2015-04-07 19:37 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-20 20:57 - 2013-11-26 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 20:55 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2015-04-29 17:11 - 2015-05-11 23:59 - 0003961 _____ () C:\Users\Beckz\AppData\Roaming\LTspiceIV.ini
2015-03-15 13:13 - 2015-03-15 19:31 - 0000026 _____ () C:\Users\Beckz\AppData\Local\isoworkshop.ini
Some files in TEMP:
====================
C:\Users\Beckz\AppData\Local\Temp\bitool.dll
C:\Users\Beckz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_ulwz.dll
C:\Users\Beckz\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Beckz\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Beckz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Beckz\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Beckz\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Beckz\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Beckz\AppData\Local\Temp\nvStInst.exe
C:\Users\Beckz\AppData\Local\Temp\Quarantine.exe
C:\Users\Beckz\AppData\Local\Temp\sdan.exe
C:\Users\Beckz\AppData\Local\Temp\sdapk.exe
C:\Users\Beckz\AppData\Local\Temp\sdaspwn.exe
C:\Users\Beckz\AppData\Local\Temp\sqlite3.dll
C:\Users\Beckz\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Beckz\AppData\Local\Temp\tmnationsforever_setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 19:42
==================== End of log ============================
|
|
| Themen zu Windows 8.1 - Comodo findet TrojWare.JS.Agent.PD in Google/Firefox Cache |
| .dll, administrator, adobe, bonjour, browser, canon, defender, desktop, explorer, firefox, flash player, geforce, google, log, mozilla, nvidia, realtek, registry, rundll, scan, security, software, svchost.exe, system, windows, winlogon.exe |
Linear-Darstellung
