Log analysis and evaluation: Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 - Windows 7
29.06.2015, 06:07 | #1 |
Comodo can't get rid of TrojWare.JS.Agent.PD@300743807

Hello helpers,

I have a small problem: my Comodo regularly detects TrojWare.JS.Agent.PD@300743807 in Firefox subfolders. Unfortunately I can't post a Comodo log here, because I stupidly cleared the logs while trying to filter for the right results. As such, I haven't noticed anything unusual on my computer so far, but I have been struggling with Firefox problems for quite some time now. There are recurring phases in which it hangs, closes itself, or is extremely slow. This problem persisted even after completely uninstalling Firefox. I'm attaching the requested logs and hope they help you (and then me as well):

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:14 on 29/06/2015 (Martin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Martin (administrator) on ******** on 29-06-2015 06:16:17
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5942\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware)
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\user.js [2015-06-22]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22]
FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22]
FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22]
FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22]
FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-06-22] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-22] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 06:16 - 2015-06-29 06:17 - 00018150 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard
2015-06-29 06:16 - 2015-06-29 06:16 - 00000000 ____D C:\FRST
2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe
2015-06-29 06:14 - 2015-06-29 06:14 - 00000474 _____ C:\Users\Martin\Downloads\defogger_disable.log
2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi
2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker
2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk
2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10
2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10
2015-06-28 04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix
2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10
2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe
2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak
2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe
2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk
2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk
2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader
2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) C:\Users\Martin\Downloads\AdobeAIRInstaller.exe
2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air
2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip
2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015
2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip
2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens
2015-06-22 02:34 - 2015-06-22 02:34 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe
2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security
2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod
2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt
2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip
2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup
2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup
2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data
2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data
2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe
2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe
2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe
2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe
2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft
2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi
2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java
2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-03 20:35 - 2015-06-03 20:35 - 01594655 _____ C:\Users\Martin\Downloads\ExRT3440.zip
2015-06-03 07:07 - 2015-06-03 07:07 - 00007194 _____ C:\Users\Martin\Desktop\readme.html
2015-06-03 07:06 - 2015-06-03 07:06 - 06471520 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-06-02 02:07 - 2015-06-02 02:07 - 00733320 _____ C:\Users\Martin\Khuz06.02.html
2015-06-02 02:07 - 2015-06-02 02:07 - 00000561 _____ C:\Users\Martin\Desktop\Khuz06.02.html.lnk
2015-06-01 23:10 - 2015-06-02 02:06 - 00000000 ____D C:\Users\Martin\Desktop\simc-612-02-win64
2015-06-01 23:09 - 2015-06-01 23:09 - 32565970 _____ C:\Users\Martin\Desktop\simc-612-02-win64.7z
2015-05-31 02:08 - 2015-05-31 02:08 - 00000874 _____
C:\Users\Martin\AppData\Local\recently-used.xbel ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-29 06:16 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net 2015-06-29 06:14 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin 2015-06-29 06:14 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2015-06-29 06:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-06-29 06:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-29 05:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-29 05:32 - 2014-10-21 05:10 - 01229766 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-29 00:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-29 00:05 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client 2015-06-28 22:47 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-28 04:56 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001 2015-06-28 04:42 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc 2015-06-27 20:09 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla 2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe 2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe 2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe 2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-26 14:45 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA 2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log 2015-06-26 14:45 
- 2013-08-22 16:46 - 00438109 _____ C:\WINDOWS\setupact.log 2015-06-26 14:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-26 12:18 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft 2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND 2015-06-25 15:23 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin 2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna 2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia 2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt 2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser 2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-06-22 02:35 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-22 02:34 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-22 02:34 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-22 02:34 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-22 02:34 - 2014-04-17 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-21 18:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-06-20 04:08 - 2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500 2015-06-20 
04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll 2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll 2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-19 08:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-06-17 22:39 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-17 22:39 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-17 22:39 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity 2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft 2015-06-10 20:10 - 2013-08-22 16:44 - 00362840 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server 2015-06-08 08:56 - 
2014-09-25 16:48 - 00000000 ____D C:\ProgramData\Oracle 2015-06-05 15:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys 2015-06-05 15:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-06-05 15:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-06-05 15:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll 2015-06-05 15:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll 2015-06-05 15:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll 2015-06-05 15:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll 2015-06-05 15:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll 2015-06-04 17:45 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft 2015-06-03 00:54 - 2013-11-05 18:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin 2015-06-03 00:53 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin 2015-05-31 02:08 - 2013-01-20 00:25 - 00000000 ____D C:\Users\Martin\.gimp-2.8 ==================== Files in the root of some directories ======= 2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist 2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND 2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel 2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg 2013-04-25 13:58 - 2014-11-09 02:51 - 
0001809 _____ () C:\ProgramData\hpzinstall.log 2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () C:\ProgramData\wmzddnmb.cix Some files in TEMP: ==================== C:\Users\Martin\AppData\Local\Temp\sdan.exe C:\Users\Martin\AppData\Local\Temp\sdapk.exe C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed Code:
ATTFilter LastRegBack: 2015-06-26 15:07 ==================== End of log ============================
With GMER I got two error messages, which read as follows:
C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\Martin\ntuser.dat: "same text as above"
Before running the GMER scan I shut down the internet connection, antivirus and other processes. I hope I have gathered all the information correctly. Many thanks in advance for your efforts and your time! Best regards, Baane |
29.06.2015, 07:07 | #2 |
/// the machine /// TB Trainer | Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
29.06.2015, 20:03 | #3 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 All right, my mistake; I just had it in my head that you shouldn't reply to your own thread, so as not to give the impression that the whole thing was already being worked on.
Unfortunately the Addition log is well over 300000 characters long, i.e. I have to split it up. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by Martin at 2015-06-29 06:17:59 Running from C:\Users\Martin\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-683499341-1041353402-3527594545-500 - Administrator - Enabled) => C:\Users\Administrator Gast (S-1-5-21-683499341-1041353402-3527594545-501 - Limited - Disabled) Martin (S-1-5-21-683499341-1041353402-3527594545-1001 - Administrator - Enabled) => C:\Users\Martin ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) 
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - ) AMD Catalyst Install Manager (HKLM\...\{2D803279-E321-E6CE-B27D-CD13196FD7CD}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ArtMoney SE v7.40.5 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40.5 - System SoftLab) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.5.0 - ) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version: - EA Los Angeles) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO) COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.) 
D1400 (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden D1400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) dj_sf_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden dj_sf_software (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden dj_sf_software_req (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) Free YouTube to MP3 Converter version 3.12.59.525 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.525 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 07 (HKLM-x32\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version: - ) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts) GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet Printer Driver Software (HKLM\...\{7262D84B-A6AA-40D2-B8DE-56B10EE28BE1}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) 
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 
8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) 
- 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.2.0 - Movavi) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.) 
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID) phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6) Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Schwert und Speer Ultimat (HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Schwert und Speer Ultimat) (Version: - ) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Simulationcraft(x64) version 6.1.2.01 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.1.2.01 - Simulationcraft) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) 
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts) SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts) Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian) Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - ) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - ) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.57 - UNKNOWN) Warcraft Logs Uploader (x32 Version: 3.57 - UNKNOWN) Hidden WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.) 
==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 08-06-2015 09:49:41 Removed Java 8 Update 45 (64-bit) 15-06-2015 23:33:43 Geplanter Prüfpunkt 24-06-2015 07:57:49 Geplanter Prüfpunkt ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03A8CF97-D768-47B8-AF76-7AB7414FDCF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {11F56EFD-CA88-4F67-8EF4-D5D7478EF6DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {16DB4709-8924-425B-AF82-3258634D2B0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {613D5DDA-C2B0-4509-B56F-8A30E12F581C} - System32\Tasks\{1F44A87C-7151-42FA-AA63-825AF8DCFC7C} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"
Task: {67DDB5D0-C2D2-4151-BD31-56BDFF0D69D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {6FDE2293-CB09-483B-8541-13D397BB31AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {707C964D-4452-41CA-911A-6F03F553846E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {911F4F22-C7EB-4101-BF01-74C277E2D150} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)
Task: {93520BA5-97A4-4B1F-9980-4CEC3E3CB593} - System32\Tasks\{9CBB7376-FECB-4CF2-9328-3A9446A741EE} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\DPLAY61A.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"
Task: {9DC035A1-A0E9-405D-9794-E7B51FC58190} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)
Task: {B0342DA8-9259-43D1-B121-059857C43FB6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {B06942A5-D02F-4193-974E-786E735B8FEC} - System32\Tasks\{8D3C155F-8CDE-478B-9586-69C7C4A4FA69} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\UNINSTAL.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"
Task: {BEB83050-FED7-4B0F-9AE3-395CB9B65C2D} - System32\Tasks\{3D53AAC9-3BB7-4029-832E-415FF26960E0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {C7A6292C-26F5-4B37-AC94-A43C2CB5578B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)
Task: {E5416F4D-6168-46CA-9E75-9236F2DAEAE4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F74496B4-C62E-4222-B361-E96A2BF9BECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 05:10 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-06-20 23:07 - 2015-06-20 23:07 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libcef.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libGLESv2.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\platforms\qwindows.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\libEGL.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qgif.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qico.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qjpeg.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qmng.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qsvg.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\imageformats\qtiff.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQuick.2\qtquick2plugin.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-20 23:07 - 2015-06-20 23:07 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5942\qml\QtQml\Models.2\modelsplugin.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: 
C:\WINDOWS\system32\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fdPHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Firewall.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\glmf32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\KdsCli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\linkinfo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\MdSched.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\mi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID AlternateDataStreams: 
|
29.06.2015, 20:04 | #4 |
| Comodo cannot get rid of TrojWare.JS.Agent.PD@300743807 Addition, continued: Code:
C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\subst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID AlternateDataStreams: 
|
29.06.2015, 20:06 | #5 |
| Comodo cannot get rid of TrojWare.JS.Agent.PD@300743807 Addition, continuation 2: Code:
C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dplaysvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dplayx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpmodemx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpwsockx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID 
C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\11125581_879133678841918_1681933074_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\aKBPg9Q_700b.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\Antrag_Ruecktritt_neu.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\aw7b9RB_700b_v1.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\CIZASwlUAAAU4Fz.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\FLT_SDP3B65535_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\Forschungsfrage.docx:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\how-to-draw-house-targaryen-house-targaryen-dragon_1_000000015929_5.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\synced-gaming_launcher_gray.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\U3O8wIm.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\yahoo_contacts.csv:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes 
Ubungsblatt.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\111-Orte-in-Nürnberg.ods:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\2_Theorie_Hypothesen_M+S I_SoSe15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.109.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.111.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Altoholic_v6.1.001.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Auctionator_0323.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.8.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15 (1).zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.0.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.4.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.8.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der 
Verbraucherrechterichtlinie.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdZnID |
29.06.2015, 20:07 | #6 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Addition, last part: Code:
ATTFilter AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\elvui-7.86.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\elvui-8.10.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ExRT3440.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.3_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\FLT_SDP3B65535_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx (1).zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\kauf_828948_94ea886e901a.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\LOL_OPGG_Observer_2125424600_spectate.bat:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.60.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdZnID 
AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MinecraftInstaller.msi:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Münch0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\PuTTY - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\rcsetup151_slim.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SG TCP Optimizer - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SilverDragon-v3.1.5.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-29.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdZnID 
AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\statistik_i_5b.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\studbesch_51F4B0EB5169D943B9D28A074E0B21AB.cit-prod-tomcat4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\TellMeWhen-7.3.1.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ThogarAssist-v6.0.3-9.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\TidyPlates_6_16_1.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Tor Browser Paket - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdTcID AlternateDataStreams: 
C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\vkw01_jaeckel.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\warcraftlogs.air:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WIM-3.6.26.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\yab.pdf:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: BBSvc => 2 MSCONFIG\Services: BBUpdate => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CLPSLauncher => 2 MSCONFIG\Services: DragonUpdater => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: Futuremark SystemInfo Service => 3 MSCONFIG\Services: GeekBuddyRSP => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hpqcxs08 => 3 MSCONFIG\Services: hpqddsvc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TapiSrv => 3 HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk" HKLM\...\StartupApproved\Run: => "CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "icq" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Facebook Update" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{02D57F51-8721-43AC-9355-AC8974F0F22E}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe FirewallRules: [{39EBE1F9-B99F-4E57-A5E3-D62B0C2BCF02}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe FirewallRules: [{0DCBD549-6F91-4DF7-B836-FF9628497B16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{FBCFE49C-8A63-411A-8BE5-0A6D3DB2F36B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{90CA87E5-157E-494E-9355-DF672FFDB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{2FA9B299-DFE8-41CD-AEAB-5A17A3C24E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{A9C6B674-AEC7-437E-8F66-BBDE4452FBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{1D33D7D0-AB4B-46AA-97FD-1FF2B9DD0A1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{5EE15B18-3207-4DDD-A976-DC43052C0A23}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{7AA757CE-122F-4080-B777-83ED413F2EAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{DA10CD7D-0F14-4AD1-9DB9-15B02C9C0A10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{C4DA08AB-C471-4CFD-BD01-45666B1A3DA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{3806AE6A-905D-4E92-B896-26C0A31CFA8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{680C0A7D-B498-48C6-BDCF-C7398C1E1A25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{49CE7598-A5B8-4583-8652-A0C26A48A510}] => (Allow) C:\Program Files (x86)\HP\Digital 
Imaging\bin\hpqste08.exe FirewallRules: [{303D534E-28D4-4291-B3A4-EA926A4409C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{127FAB27-1219-427A-82DF-CE36D947AE1A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{ADB36031-1001-48FC-B5FC-951C11D82717}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{EDEE1807-4F04-4563-A103-2750D7FD175E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{6AD0F808-A318-4320-894E-FE85A50CA8ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{6A1CF1E4-4EA6-40D4-9414-DF30E202263C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe FirewallRules: [{74AAFFF7-279F-46FC-AC77-72363C337B35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe FirewallRules: [{16D8F0D2-30D4-4F17-A129-625C0AA1FA1E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe FirewallRules: [{88FE9E0E-8B74-4769-99C6-92C205DE5B63}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe FirewallRules: [{0B0FE71F-FBFB-4A40-A22D-CED211C4D614}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe FirewallRules: [{004DA7F5-C6F2-4CBC-BE57-4F04AB43B916}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe FirewallRules: [{1FF83A51-E093-4276-B60F-67F513D9E8B3}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{14DBD80B-5884-4BF8-B6A0-EA2D5F0A7983}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [UDP Query User{F54B3F50-8DF3-4652-9BAA-B7DDF09DA187}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe FirewallRules: [TCP Query User{0C62ED83-576D-457A-B7C0-A088E3EA3EC7}C:\sierra\empire earth\empire earth.exe] => (Block) 
C:\sierra\empire earth\empire earth.exe FirewallRules: [{316D42C9-B326-4EEB-B44E-18793AE48082}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{CCEB3FCE-7535-4796-8BAF-C5FB36AC6E35}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{392CEE40-8F43-4093-97AA-800C2FE046D6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{E519B489-A61F-464F-A124-E9A03495E6DC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{9DBBB315-5690-4D84-B9B1-5710BB63AD1F}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe FirewallRules: [TCP Query User{1C597B41-EB89-48C9-9D97-6420B831FB68}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe FirewallRules: [{AD4DFDF2-9BB2-4667-9AAA-8FC23F15705F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FF5BCB0F-472B-4E53-89BA-74301083D8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{57D1A7B3-8418-4E14-AF88-92FEF5CBFF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{20E9758E-58EC-46AB-8D2F-FBB1660753FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{7CA94948-D896-4A24-B500-8635CC843B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [UDP Query User{1A7E808A-E3FC-494B-8EFF-E189AF6C23D1}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe FirewallRules: [TCP Query User{6CCE4378-FF17-41FA-AC7B-79869D9C399B}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) 
C:\programdata\battle.net\agent\agent.1544\agent.exe FirewallRules: [{017312AA-990D-4692-92D4-1E52DF0CF2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe FirewallRules: [{FAA7DE77-8B26-453B-8B30-A397AFE21C85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe FirewallRules: [{BF8F0F0B-4922-4486-9C3E-B01A23FA8832}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3F48413D-58DF-4D26-95C0-E17E9BB977CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{ACB6E90E-C40C-41A8-BA8E-3BC3B84BD69F}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F30936EF-F6CF-49FC-B956-2E79BBE9596C}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe FirewallRules: [{CE05D2C9-A416-4F88-A6C6-06094A9DC88A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{E42A538C-813C-4601-B233-E0E85EB432C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [UDP Query User{21A5FFF9-3EEA-4A9F-9FAC-72404907F704}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe FirewallRules: [TCP Query User{C20AA7FF-44FF-4C08-8A6E-1836B5FB2F40}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe FirewallRules: [{132E2013-3982-42B1-94B6-6DE7997AAEE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{E305D310-F8CF-4388-B03A-BC8EDFC50195}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{0E77881C-D498-41E4-AA64-363B76DA1842}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{48B81B0A-2D7C-494B-8F41-84915939ED39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{647F9546-8E20-4F1C-87D6-3104050C7FF4}] => (Allow) C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe FirewallRules: [{E52C813F-E311-44E1-9DB5-A0919633E0BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0BAA4276-8EDD-4075-A529-01B57A915004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7A0FB5D1-6E28-4C2E-B53C-E423B9985F38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{1E556905-A747-4C78-92E0-574F71E9E68D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F66F3367-4F79-4B43-9895-6F16639B14E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{D0DB1B0E-F898-49A3-A4ED-B6848B73CAAD}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [UDP Query User{384533A7-3315-4188-9247-39FA9D0AA920}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [{6EAD6FBE-7231-49CE-A226-AAB9D82FD8BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{B4712EF8-87AF-482F-AE68-27B5A9F6BEA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{E5C663FA-14C0-4A0A-80AA-7127CA2ACCA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B7BEC7B2-B43C-4DB0-8DF8-2AAB2AED4A32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{962C5C41-08F0-45FB-990B-10CA0D7148CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{C69CA34E-EB7F-4AF7-A3C0-F495E661178B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [TCP Query User{D274668E-31F5-4F51-AD80-CDE8FDFCB6F8}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [UDP Query 
User{36EB450B-38BF-495B-8657-251BAB95425D}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [{95E5B99A-85EB-4A20-956C-B521D2C3572D}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [{C58AB113-FBC1-4E43-BF27-29389EEA65D3}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [TCP Query User{D5536BF9-78D2-472E-A58A-A382742F099A}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe FirewallRules: [UDP Query User{CD626AB9-EA54-483B-9960-73191AE832CC}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe FirewallRules: [TCP Query User{CFCEE9D2-ABC3-47BB-9FC4-859F44B2C050}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{D1EB3061-FC2A-451E-BB97-44A1E53560FD}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{300E592E-F3C0-4493-9395-4C581ABF1662}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{60F50F99-1506-4B8D-AA01-E7CA45347A42}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{95E8E020-EE04-4EB7-8D0B-2731955A9B7E}] => 
(Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0A660151-1DAC-4011-B0E4-8F427F0E353C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7F1C0906-B7F2-434D-AE7E-1163E8AD8E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{239FA175-4E42-431E-A03F-6BE1C07EAA56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40918112-C08B-4B28-9289-A7D0AB6B9C43}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{A93F574D-3825-4AF8-B679-4E634D7012AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6FBC854D-003E-49F0-B283-5FE2D0671862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DF0C41C7-03E3-43C2-B154-82FA0A25BCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: [{61569E20-01D1-4E3A-81F1-E086C5244365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: [{79434C34-E8F0-4B02-A056-722D3BCEC498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{E647FDC6-6027-439D-A4CC-6D7693988E15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{300D65B0-A1D7-4988-AB3C-88719DDC17E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: PerfProcC:\WINDOWS\System32\perfproc.dll0 Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der 
fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000142 Fehleroffset: 0x00000000000ec180 ID des fehlerhaften Prozesses: 0x1600 Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: nvstreamsvc.exe3 Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5 Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002aaef ID des fehlerhaften Prozesses: 0x4168 Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, 
dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FUSSBALL MANAGER 13 wurde wegen dieses Fehlers geschlossen. Programm: FUSSBALL MANAGER 13 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040 Name des fehlerhaften Moduls: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040 Ausnahmecode: 0xc000001d Fehleroffset: 0x014f5fb0 ID des fehlerhaften Prozesses: 0x2c1c Startzeit der fehlerhaften Anwendung: 0xManager13.exe0 Pfad der fehlerhaften Anwendung: Manager13.exe1 Pfad des fehlerhaften Moduls: Manager13.exe2 Berichtskennung: Manager13.exe3 Vollständiger Name des fehlerhaften Pakets: Manager13.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Manager13.exe5 Error: (06/25/2015 09:24:56 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 System errors: ============= Error: (06/29/2015 00:41:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: microsoft.windowscommunicationsapps Error: (06/29/2015 00:41:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFoodAndDrink Error: (06/29/2015 00:41:06 AM) (Source: DCOM) (EventID: 10010) (User: Koppmann) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/29/2015 00:40:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingNews Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 
0x80073d0a fehlgeschlagen: Microsoft.BingTravel Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingWeather Error: (06/29/2015 00:40:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.SkypeApp Error: (06/29/2015 00:40:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFinance Error: (06/29/2015 00:40:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingHealthAndFitness Error: (06/29/2015 00:40:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingSports Microsoft Office: ========================= Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: PerfProcC:\WINDOWS\System32\perfproc.dll0 Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe3.1.2000.0545adf9dntdll.dll6.3.9600.17736550f4336c000014200000000000ec180160001d0b11f998b4bd2C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\WINDOWS\SYSTEM32\ntdll.dlld8396700-1d12-11e5-819e-3085a99e46fb Error: (06/27/2015 01:02:03 PM) (Source: 
Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe43.0.2357.1305584c777delegate_execute.exe43.0.2357.1305584c777c00000050002aaef416801d0afacb4d5c99bC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exef8df3904-1b9f-11e5-819d-3085a99e46fb Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: FUSSBALL MANAGER 13000000000 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Manager13.exe1.0.4.0026d3040Manager13.exe1.0.4.0026d3040c000001d014f5fb02c1c01d0af4afb4bbeb4C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exeC:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe3d4584eb-1b3e-11e5-819d-3085a99e46fb Error: (06/25/2015 09:24:56 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 CodeIntegrity Errors: =================================== Date: 2015-06-29 06:14:06.269 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-29 06:07:14.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-06-29 04:45:58.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-29 03:11:07.895 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 18:09:52.869 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 07:06:08.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 06:58:01.375 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 03:52:33.992 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 02:07:54.147 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-28 01:46:36.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 43%
Total physical RAM: 8120.43 MB
Available physical RAM: 4592.79 MB
Total Pagefile: 9875.43 MB
Available Pagefile: 5150.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.56 GB) (Free:377.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B97C5BC3)
Partition: GPT Partition Type.

==================== End of log ============================ |
29.06.2015, 20:10 | #7 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 GMER part 1: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-29 06:26:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD10 rev.80.0 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\awdyqpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001fbd00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960001fbd10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]} .text C:\WINDOWS\system32\services.exe[744] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 
00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]} .text C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7bee60]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 6 bytes {JMP QWORD [RIP+0x79ee10]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x71ee00]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x6fedf0]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7deb50]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!BlockInput 
00007ff816201530 6 bytes {JMP QWORD [RIP+0x7feb00]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x83e3a0]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x77e380]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3bcc40]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3fca90]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x47bd20]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x87ab50]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x43a910]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4b9d80]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x319ca0]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x376c60]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2d6130]} .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [69, 00] .text C:\WINDOWS\system32\svchost.exe[836] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 
{JMP QWORD [RIP+0x87ba20]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]} .text 
C:\WINDOWS\system32\SearchIndexer.exe[3696] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156200d8 .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xaf6ce0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0xcb5b10]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xaf4080]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x84ee60]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 6 bytes {JMP QWORD [RIP+0x82ee10]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x7aee00]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x78edf0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x86eb50]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 bytes {JMP QWORD [RIP+0x88eb00]} 
.text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x8ce3a0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x80e380]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x44cc40]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x48ca90]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x6abd20]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x90ab50]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x66a910]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x6e9d80]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x3a9ca0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x406c60]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x366130]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [72, 00] .text 
C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7c02b0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x8dc8f0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 3D] .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x91ba20]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x7db4b0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x3b8f30]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x44aa80]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x40a710]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x489ea0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x91bb10]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x739bb0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x6d3a10]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x871080]} .text 
C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x650a30]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x32f0d0]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x2c6a10]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x6bf100]} .text C:\Program Files\iPod\bin\iPodService.exe[2224] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x63e740]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x336ce0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x375b10]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x334080]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 4 bytes [FF, 25, 10, EE] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetParent + 5 00007ff816201225 1 
byte [00] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]} .text 
C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [68, 00] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 33] .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]} .text C:\WINDOWS\System32\dwm.exe[8520] 
C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ff815823d80 6 bytes {JMP QWORD [RIP+0x3fc2b0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ff815834a00 6 bytes {JMP QWORD [RIP+0x18b630]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ff815834b70 6 bytes {JMP QWORD [RIP+0x16b4c0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ff815837d30 6 bytes {JMP QWORD [RIP+0x408300]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ff815842e30 6 bytes {JMP QWORD [RIP+0x43d200]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ff815842f40 6 bytes {JMP QWORD [RIP+0x19d0f0]} .text C:\WINDOWS\System32\dwm.exe[8520] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x3bc100]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 
00007ff815688e46 3 bytes [C4, 71, 11] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x7aee60]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 4 bytes [FF, 25, 10, EE] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetParent + 5 00007ff816201225 1 byte [00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x70ee00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x6eedf0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!BlockInput 
00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] 
C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [68, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 33] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] 
C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ff815837d30 6 bytes {JMP QWORD [RIP+0x4d8300]} .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7440] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]} .text C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156200d8 .text C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xcb6ce0]} .text C:\WINDOWS\system32\nvvsvc.exe[8424] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes JMP 0 |
29.06.2015, 20:11 | #8 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 GMER part 2: Code:
C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x7ceb50]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 bytes {JMP QWORD [RIP+0x7eeb00]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x82e3a0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x76e380]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x86ab50]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]} .text C:\WINDOWS\system32\taskhostex.exe[3596] 
C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [68, 00] .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x7202b0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x83c8f0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 33] .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x87ba20]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x73b4b0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x87bb10]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x699bb0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x633a10]} .text 
C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x7d1080]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x61f100]} .text C:\WINDOWS\system32\taskhostex.exe[3596] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156700d8 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes JMP 0 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes JMP 0 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes JMP 0 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x1d7ee60]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 6 bytes {JMP QWORD [RIP+0x1d5ee10]} .text C:\WINDOWS\Explorer.EXE[3428] 
C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x1c2ee00]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x1c0edf0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x1d9eb50]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 bytes {JMP QWORD [RIP+0x1dbeb00]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x1dfe3a0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x1c8e380]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes JMP 9d63 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x219ab50]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]} .text 
C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [BA, 01] .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x1c402b0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x211c8f0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 33] .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x21aba20]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x1c5b4b0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x21abb10]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x1bb9bb0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1b53a10]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD 
[RIP+0x1da1080]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x1b3f100]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ff815837d30 6 bytes JMP 0 .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]} .text C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] 
C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0x5a6ce0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0x5e5b10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0x5a4080]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x219ee60]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 6 bytes {JMP QWORD [RIP+0x212ee10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x1c2ee00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x1c0edf0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 4 bytes [FF, 25, 50, EB] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer + 5 00007ff8162014e5 1 byte {JMP 0x1d} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 bytes {JMP QWORD [RIP+0x21deb00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x221e3a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] 
C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x1c8e380]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x3acc40]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes {JMP QWORD [RIP+0x3eca90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x46bd20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x225ab50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes {JMP QWORD [RIP+0x42a910]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x4a9d80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x309ca0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x366c60]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x2c6130]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [BA, 01] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] 
C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x1c402b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x222c8f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 33] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes {JMP QWORD [RIP+0x226ba20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x1c5b4b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x318f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x3aaa80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x36a710]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes {JMP QWORD [RIP+0x3e9ea0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes {JMP QWORD [RIP+0x226bb10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x1bb9bb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1b53a10]} .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ff81623efb0 6 bytes {JMP QWORD [RIP+0x21c1080]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ff81623f600 6 bytes {JMP QWORD [RIP+0x410a30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ff816260f60 6 bytes {JMP QWORD [RIP+0x28f0d0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ff816289620 6 bytes {JMP QWORD [RIP+0x226a10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ff816290f30 6 bytes {JMP QWORD [RIP+0x1b3f100]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ff8162918f0 6 bytes {JMP QWORD [RIP+0x3fe740]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ff815823d80 6 bytes {JMP QWORD [RIP+0x4cc2b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ff815834a00 6 bytes {JMP QWORD [RIP+0x3fb630]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ff815834b70 6 bytes {JMP QWORD [RIP+0x3db4c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ff815837d30 6 bytes {JMP QWORD [RIP+0x4d8300]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ff815842e30 6 bytes {JMP QWORD [RIP+0x50d200]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ff815842f40 6 bytes {JMP QWORD [RIP+0x40d0f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7936] 
C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ff8158a3f30 6 bytes {JMP QWORD [RIP+0x48c100]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ff815688e46 3 bytes [C4, 71, 11] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ff815698ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff81569ef70 5 bytes JMP 00007ff9156200d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ff8156d9351 5 bytes {JMP QWORD [RIP+0xcb6ce0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ff8156da520 6 bytes {JMP QWORD [RIP+0xe05b10]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ff8156fbfb0 6 bytes {JMP QWORD [RIP+0xdc4080]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ff8162011d0 6 bytes {JMP QWORD [RIP+0x227ee60]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetParent 00007ff816201220 6 bytes {JMP QWORD [RIP+0x225ee10]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ff816201230 6 bytes {JMP QWORD [RIP+0x21dee00]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendInput 00007ff816201240 6 bytes {JMP QWORD [RIP+0x21bedf0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ff8162014e0 6 bytes {JMP QWORD [RIP+0x229eb50]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ff816201530 6 
bytes {JMP QWORD [RIP+0x22beb00]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ff816201c90 6 bytes {JMP QWORD [RIP+0x22fe3a0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ff816201cb0 6 bytes {JMP QWORD [RIP+0x223e380]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ff8162033f0 6 bytes {JMP QWORD [RIP+0x48cc40]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ff8162035a0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ff816204311 5 bytes {JMP QWORD [RIP+0x1c0bd20]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ff8162054e0 6 bytes {JMP QWORD [RIP+0x233ab50]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ff816205720 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ff8162062b0 6 bytes {JMP QWORD [RIP+0x1c49d80]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ff816206390 6 bytes {JMP QWORD [RIP+0x3e9ca0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ff8162093d0 6 bytes {JMP QWORD [RIP+0x446c60]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ff816209f00 6 bytes {JMP QWORD [RIP+0x3a6130]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ff81620b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] 
C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ff81620b7f4 2 bytes [C8, 01] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ff81620fd81 5 bytes {JMP QWORD [RIP+0x21f02b0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ff816213740 6 bytes {JMP QWORD [RIP+0x230c8f0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ff816213c60 5 bytes [FF, 25, D0, C3, 41] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ff816214610 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ff816214b80 6 bytes {JMP QWORD [RIP+0x220b4b0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ff816217101 5 bytes {JMP QWORD [RIP+0x3f8f30]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ff8162255b0 6 bytes {JMP QWORD [RIP+0x48aa80]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ff816225920 6 bytes {JMP QWORD [RIP+0x44a710]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ff816226190 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ff816234520 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ff816236480 6 bytes {JMP QWORD [RIP+0x2169bb0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6948] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ff81623c620 6 bytes {JMP QWORD [RIP+0x1c33a10]} .text C:\Program 
---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [9088:6392] fffff960009312d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
30.06.2015, 09:46 | #9 |
/// the machine /// TB Trainer | Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
01.07.2015, 06:21 | #10 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Hi schrauber, I've done everything, logs follow: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.07.2015
Suchlauf-Zeit: 05:47:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.30.08
Rootkit Datenbank: v2015.06.30.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 486138
Verstrichene Zeit: 35 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 01/07/2015 um 06:43:54
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-06-29.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Martin - KOPPMANN
# Gestarted von : C:\Users\Martin\Downloads\adwcleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\GeekBuddyRSP
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v38.0.5 (x86 de)

-\\ Google Chrome v43.0.2357.130

-\\ Comodo Dragon v31.1.0.0

*************************

AdwCleaner[R0].txt - [2918 Bytes] - [15/04/2014 20:05:25]
AdwCleaner[R1].txt - [1037 Bytes] - [16/04/2014 15:23:00]
AdwCleaner[R2].txt - [1143 Bytes] - [17/04/2014 17:36:33]
AdwCleaner[R3].txt - [2768 Bytes] - [27/01/2015 01:26:32]
AdwCleaner[R4].txt - [1450 Bytes] - [26/02/2015 15:30:47]
AdwCleaner[R5].txt - [1785 Bytes] - [01/07/2015 06:36:19]
AdwCleaner[R6].txt - [1842 Bytes] - [01/07/2015 06:41:17]
AdwCleaner[S0].txt - [2736 Bytes] - [15/04/2014 20:06:45]
AdwCleaner[S1].txt - [1099 Bytes] - [16/04/2014 15:37:10]
AdwCleaner[S2].txt - [3395 Bytes] - [27/01/2015 01:29:20]
AdwCleaner[S3].txt - [1718 Bytes] - [01/07/2015 06:43:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1777 Bytes] ##########
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Martin (administrator) on KOPPMANN on 01-07-2015 07:18:24 Running from C:\Users\Martin\Downloads Loaded Profiles: Martin (Available Profiles: Martin & Administrator) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-11-28] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-12-12] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-06-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-06-20] (Apple Inc.) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-01-28] (Apple Inc.) HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-01-28] (Apple Inc.) HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-11] (SUPERAntiSpyware) HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.) AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-04-25] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-11-20] ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-08] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-08] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{0B79355F-0C5D-4A23-87FC-1205805516AD}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-08] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-08] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) 
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\donottrackplus@abine.com [2015-06-22] FF Extension: FoxyProxy Standard - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\foxyproxy@eric.h.jung [2015-06-22] FF Extension: Flashblock - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-06-22] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-22] FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\client@anonymox.net.xpi [2015-06-22] FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-22] FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\94mtc035.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-22] FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-22] Chrome: ======= CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26] CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26] CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-26] CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-26] CHR Extension: 
(Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-26] CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Martin\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-11] (SUPERAntiSpyware.com) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-06-20] (Apple Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-29] (Microsoft Corporation) S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO) S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] () R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2012-11-28] (DTS) S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) 
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-12] (NVIDIA Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-07-01] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-12-12] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-12-12] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 aswnet; C:\Windows\System32\Drivers\aswnet.sys [468144 2013-01-21] (AVAST Software) R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek ) R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider) R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO) R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO) S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2015-01-17] (CPUID) S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.) R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] () R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-07-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-07-01] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-12-12] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-29] (Microsoft Corporation) S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-01 07:18 - 2015-07-01 07:18 - 00016067 _____ C:\Users\Martin\Downloads\FRST.txt 2015-07-01 06:52 - 2015-07-01 06:52 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KOPPMANN-Windows-8.1-(64-bit).dat 2015-07-01 06:52 - 2015-07-01 06:52 - 00000000 ____D C:\RegBackup 2015-07-01 05:46 - 2015-07-01 05:46 - 02950701 _____ (Malwarebytes Corporation) C:\Users\Martin\Downloads\JRT.exe 2015-07-01 05:46 - 2015-07-01 05:46 - 02244096 _____ C:\Users\Martin\Downloads\AdwCleaner_4.207.exe 2015-07-01 05:45 - 2015-07-01 05:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-30 23:33 - 2015-06-30 23:33 - 00016800 ____R C:\Users\Martin\Desktop\KFZA-Kurzpaper.odt 2015-06-29 06:21 - 2015-06-29 06:21 - 00380416 _____ C:\Users\Martin\Downloads\Gmer-19357.exe 2015-06-29 06:16 - 2015-07-01 07:18 - 00000000 ____D C:\Users\Martin\Desktop\TrojanerBoard 2015-06-29 06:16 - 2015-07-01 07:18 - 00000000 ____D C:\FRST 2015-06-29 06:15 - 2015-06-29 06:15 - 02112512 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe 2015-06-29 06:14 - 2015-06-29 06:14 - 00050477 _____ C:\Users\Martin\Downloads\Defogger.exe 2015-06-29 06:14 - 2015-06-29 06:14 - 00000000 _____ C:\Users\Martin\defogger_reenable 2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Movavi 2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Movavi 2015-06-28 04:36 - 2015-06-28 04:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Deshaker 2015-06-28 04:35 - 2015-06-28 04:35 - 00001132 _____ C:\Users\Public\Desktop\Movavi Video Editor 10.lnk 2015-06-28 04:35 - 2015-06-28 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 10 2015-06-28 04:34 - 2015-06-28 04:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 10 2015-06-28 
04:33 - 2015-06-28 04:33 - 00005005 _____ C:\ProgramData\wmzddnmb.cix 2015-06-28 04:33 - 2015-06-28 04:33 - 00000000 ____D C:\ProgramData\Movavi Video Editor 10 2015-06-28 04:31 - 2015-06-28 04:32 - 122618720 _____ (Movavi) C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe 2015-06-28 03:59 - 2015-06-28 04:26 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Teamspeak 2015-06-27 20:08 - 2015-06-27 20:08 - 06477032 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe 2015-06-27 14:44 - 2015-06-27 14:44 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk 2015-06-27 14:44 - 2015-06-27 14:44 - 00001023 _____ C:\Users\Public\Desktop\Warcraft Logs Uploader.lnk 2015-06-27 14:44 - 2015-06-27 14:44 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader 2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-06-27 14:42 - 2015-06-27 14:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-06-27 14:20 - 2015-06-27 14:20 - 18054744 _____ (Adobe Systems Inc.) 
C:\Users\Martin\Downloads\AdobeAIRInstaller.exe 2015-06-27 14:20 - 2015-06-27 14:20 - 01371985 _____ C:\Users\Martin\Downloads\warcraftlogs.air 2015-06-25 10:48 - 2015-06-25 10:48 - 00098110 _____ C:\Users\Martin\Downloads\MasterPlan-0.60.zip 2015-06-25 09:48 - 2015-06-25 15:45 - 00000000 ____D C:\Users\Martin\Desktop\AltesIphoneFinal2015 2015-06-24 14:44 - 2015-06-24 14:44 - 02528274 _____ C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip 2015-06-24 07:07 - 2015-06-24 07:33 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel Screens 2015-06-22 02:34 - 2015-07-01 05:46 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-22 02:26 - 2015-06-22 02:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup(1).exe 2015-06-22 00:15 - 2015-06-22 00:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup.exe 2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\Downloads\Malwarebytes-Anti-Malware 2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Browser-Security 2015-06-22 00:02 - 2015-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck 2015-06-20 04:05 - 2015-06-20 04:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-06-20 04:05 - 2015-06-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iTunes 2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files\iPod 2015-06-20 04:04 - 2015-06-20 04:04 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-19 19:57 - 2015-06-19 19:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX 2015-06-15 20:07 - 2015-06-15 20:07 - 00000000 _____ C:\Users\Martin\Desktop\Neues Textdokument.txt 2015-06-10 21:36 - 2015-06-10 21:36 - 00202295 _____ 
C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip 2015-06-10 21:31 - 2015-06-13 20:10 - 00018012 _____ C:\Users\Martin\Desktop\ChamaleonOffbeat.aup 2015-06-10 21:31 - 2015-06-10 21:31 - 00031037 _____ C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung.aup 2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeatSIcherung_data 2015-06-10 21:31 - 2015-06-10 21:31 - 00000000 ____D C:\Users\Martin\Desktop\ChamaleonOffbeat_data 2015-06-10 20:37 - 2015-06-10 20:37 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-06-10 20:37 - 2015-06-10 20:37 - 00001257 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-10 20:37 - 2015-06-10 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-06-10 20:36 - 2015-06-10 20:36 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2015-06-10 20:35 - 2015-06-10 20:35 - 36127464 _____ (DVDVideoSoft Ltd. ) C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe 2015-06-10 20:33 - 2015-06-10 20:33 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-06-10 20:33 - 2015-06-10 20:33 - 00001019 _____ C:\Users\Public\Desktop\Audacity.lnk 2015-06-10 20:33 - 2015-06-10 20:33 - 00000000 ____D C:\Program Files (x86)\Audacity 2015-06-10 20:29 - 2015-06-10 20:29 - 01197344 _____ C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe 2015-06-10 20:10 - 2015-06-24 15:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-10 20:10 - 2015-06-24 15:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-10 15:44 - 2015-06-10 15:44 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 14404096 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieframe.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-06-10 15:44 - 2015-06-10 15:44 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 15:44 - 2015-06-10 15:44 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 
2015-06-10 15:44 - 2015-06-10 15:44 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-06-10 15:44 - 2015-06-10 15:44 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 15:44 - 2015-06-10 15:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 
2015-06-10 15:44 - 2015-06-10 15:44 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-06-10 15:44 - 2015-06-10 15:44 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-06-10 15:44 - 2015-06-10 15:44 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-06-10 15:44 
- 2015-06-10 15:44 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 15:44 - 2015-06-10 15:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 15:44 - 2015-06-10 15:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-06-10 15:44 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-06-10 15:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-06-10 15:44 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-06-10 15:43 - 2015-06-10 15:43 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-09 01:51 - 2015-06-09 01:51 - 00000000 ____D 
C:\Program Files (x86)\Microsoft Silverlight 2015-06-09 01:50 - 2015-06-09 01:50 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64 (1).exe 2015-06-09 01:41 - 2015-06-09 01:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\Silverlight_x64.exe 2015-06-08 18:48 - 2015-06-08 18:48 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX 2015-06-08 09:56 - 2015-06-25 23:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\.minecraft 2015-06-08 09:55 - 2015-06-08 10:06 - 00000000 ____D C:\Program Files (x86)\Minecraft 2015-06-08 09:55 - 2015-06-08 09:55 - 02314240 _____ C:\Users\Martin\Downloads\MinecraftInstaller.msi 2015-06-08 09:55 - 2015-06-08 09:55 - 00000973 _____ C:\Users\Public\Desktop\Minecraft.lnk 2015-06-08 09:55 - 2015-06-08 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2015-06-08 09:54 - 2015-06-08 09:54 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-06-08 09:54 - 2015-06-08 09:54 - 00000000 ____D C:\Program Files\Java 2015-06-08 09:48 - 2015-06-08 09:48 - 01197344 _____ C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2015-06-07 18:29 - 2015-06-07 18:29 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-06-07 18:29 - 2015-06-07 
18:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-06-07 18:29 - 2015-06-07 18:29 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-03 20:35 - 2015-06-03 20:35 - 01594655 _____ C:\Users\Martin\Downloads\ExRT3440.zip 2015-06-03 07:07 - 2015-06-03 07:07 - 00007194 _____ C:\Users\Martin\Desktop\readme.html 2015-06-03 07:06 - 2015-06-03 07:06 - 06471520 _____ (Tim Kosse) C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe 2015-06-02 02:07 - 2015-06-02 02:07 - 00733320 _____ C:\Users\Martin\Khuz06.02.html 2015-06-02 02:07 - 2015-06-02 02:07 - 00000561 _____ C:\Users\Martin\Desktop\Khuz06.02.html.lnk 2015-06-01 23:10 - 2015-06-02 02:06 - 00000000 ____D C:\Users\Martin\Desktop\simc-612-02-win64 2015-06-01 23:09 - 2015-06-01 23:09 - 32565970 _____ C:\Users\Martin\Desktop\simc-612-02-win64.7z ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-01 07:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-07-01 07:17 - 2014-10-21 05:10 - 01940654 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-01 07:14 - 2012-12-13 15:21 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2015-07-01 07:03 - 2015-01-13 18:30 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-01 07:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-07-01 06:47 - 2014-04-26 14:55 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-01 06:46 - 2014-04-26 14:55 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-01 06:45 - 2014-10-21 05:10 - 00000000 ____D C:\ProgramData\NVIDIA 2015-07-01 06:45 - 2013-08-22 16:46 - 00440496 _____ C:\WINDOWS\setupact.log 2015-07-01 06:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-01 06:44 - 2013-08-22 16:44 - 00363608 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-07-01 06:44 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-07-01 06:43 - 2014-04-15 20:05 - 00000000 ____D C:\AdwCleaner 2015-07-01 06:34 - 2015-02-25 16:32 - 00000000 ____D C:\Users\Martin\AppData\Local\Battle.net 2015-07-01 06:23 - 2012-11-28 11:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-1001 2015-07-01 05:46 - 2014-04-17 17:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-07-01 05:46 - 2014-04-17 17:28 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-07-01 05:46 - 2014-04-17 17:28 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-07-01 05:46 - 2014-04-17 17:28 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-07-01 05:46 - 2014-04-17 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-01 05:46 - 2014-04-17 17:28 
- 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-01 04:14 - 2015-05-16 23:00 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2015-06-30 23:28 - 2012-12-18 20:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client 2015-06-29 23:53 - 2015-02-25 16:32 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-06-29 06:14 - 2014-10-21 05:20 - 00000000 ____D C:\Users\Martin 2015-06-28 04:42 - 2013-01-07 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc 2015-06-27 20:09 - 2014-11-10 18:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FileZilla 2015-06-27 14:44 - 2012-12-13 14:40 - 00000000 ____D C:\ProgramData\Adobe 2015-06-27 14:44 - 2012-11-28 10:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe 2015-06-27 14:42 - 2012-12-15 01:20 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe 2015-06-27 14:42 - 2012-12-15 01:14 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-06-26 20:20 - 2014-11-09 03:11 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-26 14:45 - 2014-09-23 23:06 - 00021992 _____ C:\WINDOWS\PFRO.log 2015-06-26 12:18 - 2013-01-21 05:46 - 00000000 ____D C:\Users\Martin\Desktop\World of Warcraft 2015-06-25 16:05 - 2014-11-06 20:55 - 00000600 _____ C:\Users\Martin\AppData\Local\PUTTY.RND 2015-06-25 15:23 - 2013-11-05 18:27 - 00000000 ____D C:\ProgramData\Origin 2015-06-25 10:26 - 2015-02-12 09:52 - 00000000 ____D C:\Users\Martin\Desktop\Nudeanna 2015-06-24 20:05 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-24 07:09 - 2014-09-24 14:11 - 00000000 ____D C:\Users\Martin\Desktop\la fotografia 2015-06-24 04:40 - 2015-02-05 05:24 - 00067082 _____ C:\Users\Martin\Desktop\Email1.odt 2015-06-24 04:15 - 2015-03-01 18:51 - 00000000 ____D C:\Users\Martin\Desktop\Tor Browser 2015-06-23 19:03 - 2015-01-13 18:30 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-06-22 00:02 - 2015-04-24 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-20 04:08 - 
2015-04-21 13:59 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-683499341-1041353402-3527594545-500 2015-06-20 04:05 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll 2015-06-20 04:05 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll 2015-06-20 04:04 - 2013-05-16 12:55 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-18 01:11 - 2014-12-12 01:19 - 00948588 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-06-17 22:39 - 2014-09-24 08:17 - 02129096 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-17 22:39 - 2014-09-24 07:43 - 01025754 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-17 22:39 - 2014-09-24 07:43 - 00245418 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-17 00:44 - 2014-05-01 16:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-06-13 20:10 - 2013-01-31 03:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Audacity 2015-06-11 01:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 20:37 - 2013-01-07 20:12 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-10 20:36 - 2013-01-07 20:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DVDVideoSoft 2015-06-10 18:53 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 18:48 - 2013-09-18 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 18:41 - 2012-12-12 22:46 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-08 09:39 - 2015-03-01 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-08 09:38 - 2015-04-16 02:36 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-08 09:38 - 2014-09-24 09:43 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-08 09:03 - 2015-01-28 00:21 - 00000000 ____D C:\Users\Martin\Desktop\Schattenspiel.Server 2015-06-08 08:56 - 2014-09-25 16:48 - 00000000 
____D C:\ProgramData\Oracle 2015-06-05 15:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys 2015-06-05 15:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys 2015-06-05 15:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-06-05 15:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-06-05 15:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll 2015-06-05 15:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll 2015-06-05 15:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll 2015-06-05 15:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll 2015-06-05 15:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll 2015-06-04 17:45 - 2014-06-22 17:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SimulationCraft 2015-06-03 00:54 - 2013-11-05 18:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Origin 2015-06-03 00:53 - 2013-11-05 18:26 - 00000000 ____D C:\Program Files (x86)\Origin ==================== Files in the root of some directories ======= 2013-06-03 18:24 - 2013-06-03 19:16 - 0000474 _____ () C:\Users\Martin\AppData\Roaming\Poladroid prefs.plist 2014-11-06 20:55 - 2015-06-25 16:05 - 0000600 _____ () C:\Users\Martin\AppData\Local\PUTTY.RND 2015-05-31 02:08 - 2015-05-31 02:08 - 0000874 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel 2014-04-15 20:00 - 2014-04-15 20:00 - 0000017 _____ () C:\Users\Martin\AppData\Local\resmon.resmoncfg 2013-04-25 13:58 - 2014-11-09 02:51 - 0001809 _____ () C:\ProgramData\hpzinstall.log 2015-06-28 04:33 - 2015-06-28 04:33 - 0005005 _____ () 
C:\ProgramData\wmzddnmb.cix Some files in TEMP: ==================== C:\Users\Martin\AppData\Local\Temp\Quarantine.exe C:\Users\Martin\AppData\Local\Temp\sdan.exe C:\Users\Martin\AppData\Local\Temp\sdapk.exe C:\Users\Martin\AppData\Local\Temp\sdaspwn.exe C:\Users\Martin\AppData\Local\Temp\Setup-Giga1.exe C:\Users\Martin\AppData\Local\Temp\sqlite3.dll C:\Users\Martin\AppData\Local\Temp\WEB.DE_MailCheck_FF_WebSetup_sfs_ki20501.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-01 07:13 ==================== End of log ============================ |
01.07.2015, 06:24 | #11 |
| Comodo cannot get rid of TrojWare.JS.Agent.PD@300743807
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.4 (06.30.2015:2)
OS: Windows 8.1 x64
Ran by Martin on 01.07.2015 at 6:52:58,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\tuneup software
Successfully deleted: [Folder] C:\Users\Martin\AppData\Roaming\tuneup software
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin

~~~ FireFox

~~~ Chrome

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2015 at 7:13:15,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter dditional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by Martin at 2015-07-01 07:19:37 Running from C:\Users\Martin\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-683499341-1041353402-3527594545-500 - Administrator - Enabled) => C:\Users\Administrator Gast (S-1-5-21-683499341-1041353402-3527594545-501 - Limited - Disabled) Martin (S-1-5-21-683499341-1041353402-3527594545-1001 - Administrator - Enabled) => C:\Users\Martin ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) 
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - ) AMD Catalyst Install Manager (HKLM\...\{2D803279-E321-E6CE-B27D-CD13196FD7CD}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ArtMoney SE v7.40.5 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.40.5 - System SoftLab) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.5.0 - ) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version: - EA Los Angeles) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO) COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.) 
D1400 (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden D1400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) dj_sf_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden dj_sf_software (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden dj_sf_software_req (x32 Version: 140.0.421.000 - Hewlett-Packard) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) Free YouTube to MP3 Converter version 3.12.59.525 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.525 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 07 (HKLM-x32\...\{3EE2F527-F306-49E9-0086-662C337ADD3B}) (Version: - ) FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts) GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet Printer Driver Software (HKLM\...\{7262D84B-A6AA-40D2-B8DE-56B10EE28BE1}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) 
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA) Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 
8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) 
- 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.2.0 - Movavi)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
phase-6 2.3.3 (HKLM-x32\...\phase-6) (Version: 2.3.3 - phase-6)
Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Schwert und Speer Ultimat (HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\Schwert und Speer Ultimat) (Version: - )
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 6.1.2.01 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.1.2.01 - Simulationcraft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - )
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TSLRCM 1.8.1 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.57 - UNKNOWN)
Warcraft Logs Uploader (x32 Version: 3.57 - UNKNOWN) Hidden
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.0.0.0 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
15-06-2015 23:33:43 Geplanter Prüfpunkt
24-06-2015 07:57:49 Geplanter Prüfpunkt

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03A8CF97-D768-47B8-AF76-7AB7414FDCF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {11F56EFD-CA88-4F67-8EF4-D5D7478EF6DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {16DB4709-8924-425B-AF82-3258634D2B0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {389F491A-EC9F-4B7D-946F-CBAFCEC9D0AF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {5157DB7C-313D-4688-918D-D8F737C847FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {613D5DDA-C2B0-4509-B56F-8A30E12F581C} - System32\Tasks\{1F44A87C-7151-42FA-AA63-825AF8DCFC7C} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"
Task: {67DDB5D0-C2D2-4151-BD31-56BDFF0D69D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {707C964D-4452-41CA-911A-6F03F553846E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {911F4F22-C7EB-4101-BF01-74C277E2D150} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)
Task: {93520BA5-97A4-4B1F-9980-4CEC3E3CB593} - System32\Tasks\{9CBB7376-FECB-4CF2-9328-3A9446A741EE} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\DPLAY61A.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"
Task: {9DC035A1-A0E9-405D-9794-E7B51FC58190} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)
Task: {B0342DA8-9259-43D1-B121-059857C43FB6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {B06942A5-D02F-4193-974E-786E735B8FEC} - System32\Tasks\{8D3C155F-8CDE-478B-9586-69C7C4A4FA69} => pcalua.exe -a "C:\Users\Martin\Desktop\Age of Empires II\UNINSTAL.EXE" -d "C:\Users\Martin\Desktop\Age of Empires II"
Task: {BEB83050-FED7-4B0F-9AE3-395CB9B65C2D} - System32\Tasks\{3D53AAC9-3BB7-4029-832E-415FF26960E0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {C7A6292C-26F5-4B37-AC94-A43C2CB5578B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)
Task: {F74496B4-C62E-4222-B361-E96A2BF9BECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-26] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 19:48 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams:
C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\dxpps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fdPHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Firewall.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\glmf32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\KdsCli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\linkinfo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID AlternateDataStreams: 
|
01.07.2015, 06:25 | #12 |
| Comodo cannot get rid of TrojWare.JS.Agent.PD@300743807 Part 2: Code:
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\setupcln.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\slpts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SSShim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID 
|
01.07.2015, 06:26 | #13 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Part 3 Code:
C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dplaysvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dplayx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpmodemx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpwsockx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID 
C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID |
01.07.2015, 06:27 | #14 |
| Comodo can't get rid of TrojWare.JS.Agent.PD@300743807 Last part: Code:
C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\03 Spieltheorie Spielanalyse Nash Dominante Strategien.docx:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\11125581_879133678841918_1681933074_n.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\aKBPg9Q_700b.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\Antrag_Ruecktritt_neu.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\aw7b9RB_700b_v1.jpg:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\CHp7TxkUMAAK4pn.png large.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\CIZASwlUAAAU4Fz.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\FLT_SDP3B65535_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\Forschungsfrage.docx:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Desktop\how-to-draw-house-targaryen-house-targaryen-dragon_1_000000015929_5.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\kathi konfi.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\KFZA-Kurzpaper.odt:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdTcID AlternateDataStreams: C:\Users\Martin\Desktop\simc-612-02-win64.7z:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\synced-gaming_launcher_gray.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\U3O8wIm.png:$CmdZnID AlternateDataStreams: C:\Users\Martin\Desktop\yahoo_contacts.csv:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\01 Erstes Ubungsblatt.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\01 Introduction.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\04 Viertes Ubungsblatt.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\09 2014_11_19_Datenschutz- und Datensicherheit.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\111-Orte-in-Nürnberg.ods:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\11_VL_BA_ESF II_Kap7-I.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\1_Introduction to IR.ppt:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19(1).pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\2011-07-19.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\2_Theorie_Hypothesen_M+S I_SoSe15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\3_VL_BA_ESF II_Kap3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ActivePython-2.7.2.5-win64-x64.msi:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\AdobeAIRInstaller.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.109.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\adwcleaner_4.111.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\AdwCleaner_4.207.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\AdwCleaner_4.207.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Altoholic_v6.1.001.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ankuendigung_Vortrag.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Annahme von Willenserklarungen.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Auctionator_0323.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Audacity - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\BA-MHB-WS-2014-15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Bartender4-4.6.7.zip:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\Bartender4-4.6.8.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Battle.net-Setup-deDE.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\BGH NJW 2014, 1805.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Chronik 1970-1995.online.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15 (1).zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.0.15.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.0.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.4.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.1.8.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\DBM-Core-6.2.0.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Defogger.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Der Verbraucherbegriff nach der Umsetzung der Verbraucherrechterichtlinie.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 1 mit Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 12 mit Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit Losung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Einheit 14 mit 
Losung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\elvui-7.86.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\elvui-8.10.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap1-2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap2a3-Wdh.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ESFII_Kap3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ExRT3440.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.10.3_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.1_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FileZilla_3.11.0.2_win64-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Firefox_Setup_36.0.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FLT_SDP3B65535_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag GfK Siegfried Hogl.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Folien Gastvortrag PaG Helen Saade a Andreas Onnen.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx (1).zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\foxyproxy_standard-4.5-sm_tb_fx.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FreeYouTubeToMP3Converter_3.12.59.525.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Gmer-19357.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Gmer-19357.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen)(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen Zivilrecht WS 2014-15 - Vorlesungsfolien (ohne Losungen).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundlagen-Ökonometrie-Kapitel-4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Grundwissen Bereicherungsrecht Grundtypen der Kondiktionen.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdTcID AlternateDataStreams: 
C:\Users\Martin\Downloads\Hohmeyer_Wolff 2010_uebung7.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Iv-Ue_MethodenII_AD_Sitzung4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 5.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel 9.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 14.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Kapitel Nr. 
14.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\kauf_828948_94ea886e901a.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur 10ECTS.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausur WS 2010_11.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Klausurvorbereitung WS14_15.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\kw_09_08.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Lerneinheit 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\libmp3lame-win-3.99.3.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\LOL_OPGG_Observer_2125424600_spectate.bat:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Losungshinweise Tutoriumseinheit 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.33.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MasterPlan-0.60.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Mathe-Leitfaden.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe:$CmdTcID AlternateDataStreams: 
C:\Users\Martin\Downloads\mbam-setup-2.1.6.1022.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\mbam-setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\ME09-HMM.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Merkblatt_BA.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\MikroWiSe0910_ProbeklausurLsg.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MinecraftInstaller.msi:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\minecraft_server.1.8.3.jar:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\MovaviVideoEditorSetupC.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Münch0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\natuerlicherLogarithmus.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\PO_Bachelorstudiengaenge_JULI2014.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdTcID AlternateDataStreams: 
C:\Users\Martin\Downloads\Praktikumsbericht-1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Praktikumsbericht.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Probeklausur_Absatz.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\PuTTY - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\rcsetup151_slim.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Rechenweg Markov-Modell.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SG TCP Optimizer - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SilverDragon-v3.1.5.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64 (1).exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Silverlight_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-02-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-610-07-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SimcSetup-612-01-Win64.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-29.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Skada-1.4-30.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdTcID 
AlternateDataStreams: C:\Users\Martin\Downloads\SkypeSetup.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_0.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_2.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_3.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_5.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\sozpol_6.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Stata Einfuehrung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\statistik_i_5b.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdTcID AlternateDataStreams: 
C:\Users\Martin\Downloads\Sternbericht(2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Sternbericht.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\studbesch_51F4B0EB5169D943B9D28A074E0B21AB.cit-prod-tomcat4.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\SUPERAntiSpyware.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\TellMeWhen-7.3.1.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\ThogarAssist-v6.0.3-9.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\TidyPlates_6_16_1.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Tor Browser Paket - CHIP-Installer.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\torbrowser-install-4.0.4_de.exe:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Tutoriumsskript.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubersicht Willenserklarung.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 1.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6(1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 6.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\Ubungsblatt 7.pdf:$CmdZnID AlternateDataStreams: 
C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\uebungsskript_deskriptivstatistik_teil_v.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\uetraeger_CEE4D33C2C43F20F6D37F228BA04ADA9.cit-prod-tomcat8.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\vkw01_jaeckel.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\VWL_SP.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\warcraftlogs.air:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\WeakAuras-2.1.0.3.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WIM-3.6.26.zip:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdTcID AlternateDataStreams: C:\Users\Martin\Downloads\WI_SP.pdf:$CmdZnID AlternateDataStreams: C:\Users\Martin\Downloads\yab.pdf:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
HKLM\...\StartupApproved\StartupFolder: => "phase-6 Reminder.lnk"
HKLM\...\StartupApproved\Run: => "CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-683499341-1041353402-3527594545-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02D57F51-8721-43AC-9355-AC8974F0F22E}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{39EBE1F9-B99F-4E57-A5E3-D62B0C2BCF02}] => (Allow) C:\Windows\Temp\CMC_DRAGON\restart_helper.exe
FirewallRules: [{0DCBD549-6F91-4DF7-B836-FF9628497B16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{FBCFE49C-8A63-411A-8BE5-0A6D3DB2F36B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{90CA87E5-157E-494E-9355-DF672FFDB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{2FA9B299-DFE8-41CD-AEAB-5A17A3C24E80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{A9C6B674-AEC7-437E-8F66-BBDE4452FBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{1D33D7D0-AB4B-46AA-97FD-1FF2B9DD0A1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{5EE15B18-3207-4DDD-A976-DC43052C0A23}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7AA757CE-122F-4080-B777-83ED413F2EAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{DA10CD7D-0F14-4AD1-9DB9-15B02C9C0A10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C4DA08AB-C471-4CFD-BD01-45666B1A3DA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3806AE6A-905D-4E92-B896-26C0A31CFA8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{680C0A7D-B498-48C6-BDCF-C7398C1E1A25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{49CE7598-A5B8-4583-8652-A0C26A48A510}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{303D534E-28D4-4291-B3A4-EA926A4409C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{127FAB27-1219-427A-82DF-CE36D947AE1A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{ADB36031-1001-48FC-B5FC-951C11D82717}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EDEE1807-4F04-4563-A103-2750D7FD175E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{6AD0F808-A318-4320-894E-FE85A50CA8ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{6A1CF1E4-4EA6-40D4-9414-DF30E202263C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{74AAFFF7-279F-46FC-AC77-72363C337B35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{16D8F0D2-30D4-4F17-A129-625C0AA1FA1E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{88FE9E0E-8B74-4769-99C6-92C205DE5B63}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{0B0FE71F-FBFB-4A40-A22D-CED211C4D614}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{004DA7F5-C6F2-4CBC-BE57-4F04AB43B916}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{1FF83A51-E093-4276-B60F-67F513D9E8B3}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{14DBD80B-5884-4BF8-B6A0-EA2D5F0A7983}] => (Allow) C:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde 
II\game.dat FirewallRules: [UDP Query User{F54B3F50-8DF3-4652-9BAA-B7DDF09DA187}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe FirewallRules: [TCP Query User{0C62ED83-576D-457A-B7C0-A088E3EA3EC7}C:\sierra\empire earth\empire earth.exe] => (Block) C:\sierra\empire earth\empire earth.exe FirewallRules: [{316D42C9-B326-4EEB-B44E-18793AE48082}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{CCEB3FCE-7535-4796-8BAF-C5FB36AC6E35}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{392CEE40-8F43-4093-97AA-800C2FE046D6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{E519B489-A61F-464F-A124-E9A03495E6DC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{9DBBB315-5690-4D84-B9B1-5710BB63AD1F}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe FirewallRules: [TCP Query User{1C597B41-EB89-48C9-9D97-6420B831FB68}C:\users\martin\desktop\age of empires ii\empires2.exe] => (Allow) C:\users\martin\desktop\age of empires ii\empires2.exe FirewallRules: [{AD4DFDF2-9BB2-4667-9AAA-8FC23F15705F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FF5BCB0F-472B-4E53-89BA-74301083D8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{57D1A7B3-8418-4E14-AF88-92FEF5CBFF84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{20E9758E-58EC-46AB-8D2F-FBB1660753FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{7CA94948-D896-4A24-B500-8635CC843B88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [UDP Query 
User{1A7E808A-E3FC-494B-8EFF-E189AF6C23D1}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe FirewallRules: [TCP Query User{6CCE4378-FF17-41FA-AC7B-79869D9C399B}C:\programdata\battle.net\agent\agent.1544\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1544\agent.exe FirewallRules: [{017312AA-990D-4692-92D4-1E52DF0CF2D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe FirewallRules: [{FAA7DE77-8B26-453B-8B30-A397AFE21C85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\panfa6\counter-strike source\hl2.exe FirewallRules: [{BF8F0F0B-4922-4486-9C3E-B01A23FA8832}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3F48413D-58DF-4D26-95C0-E17E9BB977CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{ACB6E90E-C40C-41A8-BA8E-3BC3B84BD69F}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F30936EF-F6CF-49FC-B956-2E79BBE9596C}] => (Allow) C:\Users\Martin\AppData\Roaming\ICQM\icq.exe FirewallRules: [{CE05D2C9-A416-4F88-A6C6-06094A9DC88A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{E42A538C-813C-4601-B233-E0E85EB432C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [UDP Query User{21A5FFF9-3EEA-4A9F-9FAC-72404907F704}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe FirewallRules: [TCP Query User{C20AA7FF-44FF-4C08-8A6E-1836B5FB2F40}C:\programdata\battle.net\agent\agent.1040\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.1040\agent.exe FirewallRules: [{132E2013-3982-42B1-94B6-6DE7997AAEE0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{E305D310-F8CF-4388-B03A-BC8EDFC50195}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{0E77881C-D498-41E4-AA64-363B76DA1842}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{48B81B0A-2D7C-494B-8F41-84915939ED39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{647F9546-8E20-4F1C-87D6-3104050C7FF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E52C813F-E311-44E1-9DB5-A0919633E0BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0BAA4276-8EDD-4075-A529-01B57A915004}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7A0FB5D1-6E28-4C2E-B53C-E423B9985F38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{1E556905-A747-4C78-92E0-574F71E9E68D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F66F3367-4F79-4B43-9895-6F16639B14E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{D0DB1B0E-F898-49A3-A4ED-B6848B73CAAD}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [UDP Query User{384533A7-3315-4188-9247-39FA9D0AA920}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [{6EAD6FBE-7231-49CE-A226-AAB9D82FD8BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{B4712EF8-87AF-482F-AE68-27B5A9F6BEA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{E5C663FA-14C0-4A0A-80AA-7127CA2ACCA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B7BEC7B2-B43C-4DB0-8DF8-2AAB2AED4A32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{962C5C41-08F0-45FB-990B-10CA0D7148CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{C69CA34E-EB7F-4AF7-A3C0-F495E661178B}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [TCP Query User{D274668E-31F5-4F51-AD80-CDE8FDFCB6F8}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [UDP Query User{36EB450B-38BF-495B-8657-251BAB95425D}E:\worms\steamapps\common\worms armageddon\wa.exe] => (Allow) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [{95E5B99A-85EB-4A20-956C-B521D2C3572D}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [{C58AB113-FBC1-4E43-BF27-29389EEA65D3}] => (Block) E:\worms\steamapps\common\worms armageddon\wa.exe FirewallRules: [TCP Query User{D5536BF9-78D2-472E-A58A-A382742F099A}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe FirewallRules: [UDP Query User{CD626AB9-EA54-483B-9960-73191AE832CC}C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\origin games\dragon age\bin_ship\daorigins.exe FirewallRules: [TCP Query User{CFCEE9D2-ABC3-47BB-9FC4-859F44B2C050}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{D1EB3061-FC2A-451E-BB97-44A1E53560FD}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{300E592E-F3C0-4493-9395-4C581ABF1662}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{60F50F99-1506-4B8D-AA01-E7CA45347A42}C:\riot 
games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{95E8E020-EE04-4EB7-8D0B-2731955A9B7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0A660151-1DAC-4011-B0E4-8F427F0E353C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7F1C0906-B7F2-434D-AE7E-1163E8AD8E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{239FA175-4E42-431E-A03F-6BE1C07EAA56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40918112-C08B-4B28-9289-A7D0AB6B9C43}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{A93F574D-3825-4AF8-B679-4E634D7012AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6FBC854D-003E-49F0-B283-5FE2D0671862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DF0C41C7-03E3-43C2-B154-82FA0A25BCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: [{61569E20-01D1-4E3A-81F1-E086C5244365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: [{79434C34-E8F0-4B02-A056-722D3BCEC498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{E647FDC6-6027-439D-A4CC-6D7693988E15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{300D65B0-A1D7-4988-AB3C-88719DDC17E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/30/2015 11:40:15 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: 
C:\Windows\System32\winspool.drvSpooler8 Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: PerfProcC:\WINDOWS\System32\perfproc.dll0 Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 3.1.2000.0, Zeitstempel: 0x545adf9d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000142 Fehleroffset: 0x00000000000ec180 ID des fehlerhaften Prozesses: 0x1600 Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: nvstreamsvc.exe3 Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5 Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 43.0.2357.130, Zeitstempel: 0x5584c777 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002aaef ID des fehlerhaften Prozesses: 0x4168 Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 
Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FUSSBALL MANAGER 13 wurde wegen dieses Fehlers geschlossen. Programm: FUSSBALL MANAGER 13 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040 Name des fehlerhaften Moduls: Manager13.exe, Version: 1.0.4.0, Zeitstempel: 0x026d3040 Ausnahmecode: 0xc000001d Fehleroffset: 0x014f5fb0 ID des fehlerhaften Prozesses: 0x2c1c Startzeit der fehlerhaften Anwendung: 0xManager13.exe0 Pfad der fehlerhaften Anwendung: Manager13.exe1 Pfad des fehlerhaften Moduls: Manager13.exe2 Berichtskennung: Manager13.exe3 Vollständiger Name des fehlerhaften Pakets: Manager13.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Manager13.exe5 System errors: ============= Error: (07/01/2015 07:15:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: microsoft.windowscommunicationsapps Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFoodAndDrink Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingNews Error: (07/01/2015 07:14:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingTravel Error: (07/01/2015 07:14:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a 
fehlgeschlagen: Microsoft.BingWeather Error: (07/01/2015 07:14:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.SkypeApp Error: (07/01/2015 07:14:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingFinance Error: (07/01/2015 07:14:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingHealthAndFitness Error: (07/01/2015 07:13:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.BingSports Error: (07/01/2015 07:13:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d0a fehlgeschlagen: Microsoft.ZuneVideo Microsoft Office: ========================= Error: (06/30/2015 11:40:15 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/29/2015 00:41:36 AM) (Source: Perflib) (EventID: 1015) (User: ) Description: PerfProcC:\WINDOWS\System32\perfproc.dll0 Error: (06/29/2015 00:41:27 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/27/2015 11:24:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe3.1.2000.0545adf9dntdll.dll6.3.9600.17736550f4336c000014200000000000ec180160001d0b11f998b4bd2C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exeC:\WINDOWS\SYSTEM32\ntdll.dlld8396700-1d12-11e5-819e-3085a99e46fb Error: (06/27/2015 01:02:03 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 08:19:28 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (06/26/2015 00:12:14 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: C:\Windows\System32\winspool.drvSpooler8 Error: (06/26/2015 03:09:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe43.0.2357.1305584c777delegate_execute.exe43.0.2357.1305584c777c00000050002aaef416801d0afacb4d5c99bC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exef8df3904-1b9f-11e5-819d-3085a99e46fb Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: FUSSBALL MANAGER 13000000000 Error: (06/25/2015 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Manager13.exe1.0.4.0026d3040Manager13.exe1.0.4.0026d3040c000001d014f5fb02c1c01d0af4afb4bbeb4C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exeC:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe3d4584eb-1b3e-11e5-819d-3085a99e46fb CodeIntegrity Errors: =================================== Date: 2015-07-01 07:16:59.360 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-01 06:47:27.603 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-07-01 02:43:44.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-01 02:31:50.909 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-01 02:24:41.570 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-01 02:13:57.857 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-01 01:45:54.001 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-30 20:34:04.046 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-30 18:59:47.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-30 18:51:32.233 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 8120.43 MB
Available physical RAM: 4891.17 MB
Total Pagefile: 9400.43 MB
Available Pagefile: 5563.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.56 GB) (Free:381.46 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B97C5BC3)
Partition: GPT Partition Type.
==================== End of log ============================
Regards, baane |
01.07.2015, 11:39 | #15 |
/// the machine /// TB trainer | Comodo can't get rid of TrojWare.JS.Agent.PD@300743807
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |