Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Virus infection, Windows 8.1 64-bit, Comodo. Urgent: Trojan, already connected to the Internet

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
29.06.2015, 22:54 | #1 |
Hello dear Trojaner community, for about 2 days I have had a big problem and I suspect that a Trojan is behind it. Normally I never have problems with this sort of thing, since I am very careful and have several antivirus, anti-malware etc. tools installed, among them Comodo Internet Security and Zemana AntiLogger. However, I downloaded and installed the "startup tools" from inneo for the CAD program Creo. At some point Comodo found a Trojan in that directory and asked whether the file should be removed; since I judged that to be a false alarm because of the supposedly reputable source, I set it to Ignore. Unfortunately I did not note the name of the Trojan either.

Now my system runs extremely unstably. Firefox or Chrome crash for no reason. A message appears saying that Firefox has crashed unexpectedly and that a restart or restore is recommended. Yes, unfortunately I was already connected to the Internet, and I am panicking about my online data as well as the data on the hard drive. The Internet connection also only stays up very briefly, then drops and is shown as limited at the Wi-Fi icon, while my flatmates can keep surfing without problems. Comodo no longer starts; there is a red cross box as an error message and some csystray file that cannot be started.

I used a short period of stable Internet connection to install Antivir and have it run a scan. Antivir scans, with the fan running loudly, and then stops in the middle of the scan, so that nothing works any more and the fan switches off. The screen is as if frozen. Ctrl+Alt+Del no longer works either. I then force the notebook to shut down physically by holding the power button for a while. I have tried this procedure several times, and again and again a complete system freeze occurs after 10 - 20 min.

System Restore in safe mode could not be carried out either, because of an error message. I hope you can help me. I am really desperate. Kind regards
30.06.2015, 04:37 | #2 |
/// TB-Ausbilder | My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer:

Step 1
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Step 2
Please download TDSSKiller.exe and save this file on the desktop

Please post with your next reply
30.06.2015, 22:40 | #3 |
The log files are too long, even when I post them individually.

I have attached a .txt here. Hopefully that is OK for you, Matthias. Thank you very much for the help. PS: I have now also split the individual logs again. Code:
(x86)\Google\Update\GoogleUpdate.exe 23:05:23.0787 0x0514 gupdatem - ok 23:05:23.0803 0x0514 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 23:05:23.0819 0x0514 HdAudAddService - ok 23:05:23.0819 0x0514 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 23:05:23.0819 0x0514 HDAudBus - ok 23:05:23.0819 0x0514 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 23:05:23.0819 0x0514 HidBatt - ok 23:05:23.0819 0x0514 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 23:05:23.0834 0x0514 HidBth - ok 23:05:23.0834 0x0514 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 23:05:23.0834 0x0514 hidi2c - ok 23:05:23.0834 0x0514 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 23:05:23.0834 0x0514 HidIr - ok 23:05:23.0834 0x0514 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll 23:05:23.0834 0x0514 hidserv - ok 23:05:23.0850 0x0514 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 23:05:23.0850 0x0514 HidUsb - ok 23:05:23.0850 0x0514 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 23:05:23.0850 0x0514 hkmsvc - ok 23:05:23.0865 0x0514 [ AC49522ED106BD4B545D6614D71C2445, 
40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 23:05:23.0865 0x0514 HomeGroupListener - ok 23:05:23.0865 0x0514 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 23:05:23.0881 0x0514 HomeGroupProvider - ok 23:05:23.0881 0x0514 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 23:05:23.0881 0x0514 HpSAMD - ok 23:05:23.0897 0x0514 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 23:05:23.0912 0x0514 HTTP - ok 23:05:23.0928 0x0514 [ F6C1661C55EAAD2DD9FBB37D5DF1A011, 8511A28F6FAECCBB86342B9490158C2E1031B6161DAD702D0DC2991366DB28DA ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys 23:05:23.0928 0x0514 huawei_enumerator - ok 23:05:23.0928 0x0514 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 23:05:23.0928 0x0514 hwpolicy - ok 23:05:23.0928 0x0514 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 23:05:23.0928 0x0514 hyperkbd - ok 23:05:23.0928 0x0514 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 23:05:23.0928 0x0514 HyperVideo - ok 23:05:23.0944 0x0514 [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 23:05:23.0944 0x0514 i8042prt - ok 23:05:23.0944 0x0514 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO 
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 23:05:23.0944 0x0514 iaLPSSi_GPIO - ok 23:05:23.0944 0x0514 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 23:05:23.0944 0x0514 iaLPSSi_I2C - ok 23:05:23.0975 0x0514 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 23:05:23.0990 0x0514 iaStorA - ok 23:05:24.0022 0x0514 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 23:05:24.0053 0x0514 iaStorAV - ok 23:05:24.0053 0x0514 [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 23:05:24.0053 0x0514 IAStorDataMgrSvc - ok 23:05:24.0069 0x0514 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 23:05:24.0069 0x0514 iaStorV - ok 23:05:24.0084 0x0514 IEEtwCollectorService - ok 23:05:24.0162 0x0514 [ 4F6363C26B4A3DDBC9FAFCBA68602B01, 0920551F9312D967AAA68003BD8C4A312AA8F1E8B826DDE8BF59B9B639AB5F3B ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 23:05:24.0209 0x0514 igfx - ok 23:05:24.0256 0x0514 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 23:05:24.0272 0x0514 IKEEXT - ok 23:05:24.0319 0x0514 [ 54513301C76D3C0220B74C7D6E7B4B0A, ADF16EE870343961F1B098362C6B914EB08B36841E988701BCD9A4A24506355A ] impi_smpd C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe 23:05:24.0334 0x0514 impi_smpd - ok 23:05:24.0334 0x0514 [ 4011430BC9DA46ADFAE9915EFEC312FB, 
925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 23:05:24.0334 0x0514 intaud_WaveExtensible - ok 23:05:24.0412 0x0514 [ F1A3ECE3809AF333810ED0A872200226, BF1CC3EE64A9BDE41A5139A56016DE79DB87212D130B6024A03206CFCF65AC72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 23:05:24.0459 0x0514 IntcAzAudAddService - ok 23:05:24.0459 0x0514 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 23:05:24.0475 0x0514 intelide - ok 23:05:24.0475 0x0514 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 23:05:24.0475 0x0514 intelpep - ok 23:05:24.0475 0x0514 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 23:05:24.0475 0x0514 intelppm - ok 23:05:24.0475 0x0514 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:05:24.0490 0x0514 IpFilterDriver - ok 23:05:24.0506 0x0514 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 23:05:24.0522 0x0514 iphlpsvc - ok 23:05:24.0522 0x0514 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 23:05:24.0522 0x0514 IPMIDRV - ok 23:05:24.0522 0x0514 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 23:05:24.0522 0x0514 IPNAT - ok 23:05:24.0537 0x0514 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM 
C:\WINDOWS\system32\drivers\irenum.sys 23:05:24.0537 0x0514 IRENUM - ok 23:05:24.0537 0x0514 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 23:05:24.0537 0x0514 isapnp - ok 23:05:24.0537 0x0514 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 23:05:24.0553 0x0514 iScsiPrt - ok 23:05:24.0553 0x0514 [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 23:05:24.0553 0x0514 iumsvc - ok 23:05:24.0553 0x0514 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 23:05:24.0569 0x0514 iwdbus - ok 23:05:24.0569 0x0514 [ 38515AF94AC56161F24AEE3F3681EC69, 20115363EA040641C04C75B6890A7CCDE9A65F57EB437BE28DF7AD5200EC4608 ] JMCR C:\WINDOWS\System32\drivers\jmcr.sys 23:05:24.0569 0x0514 JMCR - ok 23:05:24.0569 0x0514 [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 23:05:24.0569 0x0514 kbdclass - ok 23:05:24.0584 0x0514 [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 23:05:24.0584 0x0514 kbdhid - ok 23:05:24.0584 0x0514 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\WINDOWS\system32\drivers\kbldfltr.sys 23:05:24.0584 0x0514 kbldfltr - ok 23:05:24.0584 0x0514 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 23:05:24.0584 0x0514 kdnic - ok 23:05:24.0584 0x0514 [ D2E87BEDDF327652F942EF6FBF2B1B94, 
C7021D6A75F0C168BC3B20CD2FE158FC3BA38DD0B428B2DDA28CDEF0CCF5B429 ] keycrypt C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys 23:05:24.0584 0x0514 keycrypt - ok 23:05:24.0600 0x0514 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 23:05:24.0600 0x0514 KeyIso - ok 23:05:24.0600 0x0514 [ C1ABAED294E2F9937329452B01A2FB2C, 8FD97C20A5157D689F58B3A51080F4548AE32E5E2259275779A8AAB0296FFD87 ] KeyScrambler C:\WINDOWS\system32\drivers\keyscrambler.sys 23:05:24.0600 0x0514 KeyScrambler - ok 23:05:24.0615 0x0514 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 23:05:24.0615 0x0514 KSecDD - ok 23:05:24.0615 0x0514 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 23:05:24.0615 0x0514 KSecPkg - ok 23:05:24.0615 0x0514 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 23:05:24.0631 0x0514 ksthunk - ok 23:05:24.0631 0x0514 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 23:05:24.0631 0x0514 KtmRm - ok 23:05:24.0647 0x0514 [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C C:\WINDOWS\system32\DRIVERS\L1C63x64.sys 23:05:24.0647 0x0514 L1C - ok 23:05:24.0647 0x0514 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 23:05:24.0662 0x0514 LanmanServer - ok 23:05:24.0662 0x0514 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 23:05:24.0678 0x0514 LanmanWorkstation - 
ok 23:05:24.0678 0x0514 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll 23:05:24.0694 0x0514 lfsvc - ok 23:05:24.0694 0x0514 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys 23:05:24.0694 0x0514 LHDmgr - ok 23:05:24.0694 0x0514 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 23:05:24.0694 0x0514 lltdio - ok 23:05:24.0709 0x0514 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 23:05:24.0709 0x0514 lltdsvc - ok 23:05:24.0709 0x0514 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 23:05:24.0725 0x0514 lmhosts - ok 23:05:24.0725 0x0514 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 23:05:24.0725 0x0514 LSI_SAS - ok 23:05:24.0725 0x0514 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 23:05:24.0725 0x0514 LSI_SAS2 - ok 23:05:24.0740 0x0514 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys 23:05:24.0740 0x0514 LSI_SAS3 - ok 23:05:24.0740 0x0514 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 23:05:24.0740 0x0514 LSI_SSS - ok 23:05:24.0756 0x0514 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll 
23:05:24.0772 0x0514 LSM - ok 23:05:24.0772 0x0514 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 23:05:24.0772 0x0514 luafv - ok 23:05:24.0772 0x0514 [ F168E237D9919D22E2071FF7995D20CF, DFFDCDE9BE1F7C6ADE9452C0566826A7D49FEAA29E92D1ADC3FAF822BE5DE401 ] massfilter C:\WINDOWS\System32\drivers\massfilter.sys 23:05:24.0772 0x0514 massfilter - ok 23:05:24.0787 0x0514 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys 23:05:24.0787 0x0514 megasas - ok 23:05:24.0787 0x0514 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 23:05:24.0803 0x0514 megasr - ok 23:05:24.0803 0x0514 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 23:05:24.0803 0x0514 MEIx64 - ok 23:05:24.0803 0x0514 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll 23:05:24.0819 0x0514 MMCSS - ok 23:05:24.0819 0x0514 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys 23:05:24.0819 0x0514 Modem - ok 23:05:24.0819 0x0514 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 23:05:24.0819 0x0514 monitor - ok 23:05:24.0819 0x0514 [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 23:05:24.0819 0x0514 mouclass - ok 23:05:24.0834 0x0514 [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid 
C:\WINDOWS\System32\drivers\mouhid.sys 23:05:24.0834 0x0514 mouhid - ok 23:05:24.0834 0x0514 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 23:05:24.0834 0x0514 mountmgr - ok 23:05:24.0834 0x0514 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:05:24.0850 0x0514 MozillaMaintenance - ok 23:05:24.0850 0x0514 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 23:05:24.0850 0x0514 mpsdrv - ok 23:05:24.0865 0x0514 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 23:05:24.0881 0x0514 MpsSvc - ok 23:05:24.0881 0x0514 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 23:05:24.0881 0x0514 MRxDAV - ok 23:05:24.0897 0x0514 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:05:24.0897 0x0514 mrxsmb - ok 23:05:24.0912 0x0514 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 23:05:24.0912 0x0514 mrxsmb10 - ok 23:05:24.0912 0x0514 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 23:05:24.0912 0x0514 mrxsmb20 - ok 23:05:24.0928 0x0514 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 23:05:24.0928 0x0514 MsBridge - ok 23:05:24.0928 0x0514 [ 
915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe 23:05:24.0928 0x0514 MSDTC - ok 23:05:24.0944 0x0514 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:05:24.0944 0x0514 Msfs - ok 23:05:24.0944 0x0514 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 23:05:24.0944 0x0514 msgpiowin32 - ok 23:05:24.0944 0x0514 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 23:05:24.0944 0x0514 mshidkmdf - ok 23:05:24.0959 0x0514 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 23:05:24.0959 0x0514 mshidumdf - ok 23:05:24.0959 0x0514 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 23:05:24.0959 0x0514 msisadrv - ok 23:05:24.0959 0x0514 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 23:05:24.0959 0x0514 MSiSCSI - ok 23:05:24.0975 0x0514 msiserver - ok 23:05:24.0975 0x0514 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll 23:05:24.0975 0x0514 MsKeyboardFilter - ok 23:05:24.0975 0x0514 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:05:24.0975 0x0514 MSKSSRV - ok 23:05:24.0975 0x0514 [ 51B3AC0560848CD6D65AC2033E293113, 
73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 23:05:24.0990 0x0514 MsLldp - ok 23:05:24.0990 0x0514 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:05:24.0990 0x0514 MSPCLOCK - ok 23:05:24.0990 0x0514 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:05:24.0990 0x0514 MSPQM - ok 23:05:24.0990 0x0514 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 23:05:25.0006 0x0514 MsRPC - ok 23:05:25.0006 0x0514 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 23:05:25.0006 0x0514 mssmbios - ok 23:05:25.0006 0x0514 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:05:25.0006 0x0514 MSTEE - ok 23:05:25.0022 0x0514 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 23:05:25.0022 0x0514 MTConfig - ok 23:05:25.0022 0x0514 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys 23:05:25.0022 0x0514 Mup - ok 23:05:25.0022 0x0514 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 23:05:25.0022 0x0514 mvumis - ok 23:05:25.0037 0x0514 [ 431F065E2A99FC3C670BD20694117C8B, ADE1D6B5EC0C0F078DB5F24FE4E830AC08FA1EDA1C895E7F4873874BCC1F2154 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 23:05:25.0037 0x0514 MyWiFiDHCPDNS - ok 
23:05:25.0053 0x0514 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll 23:05:25.0053 0x0514 napagent - ok 23:05:25.0069 0x0514 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 23:05:25.0069 0x0514 NativeWifiP - ok 23:05:25.0084 0x0514 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 23:05:25.0084 0x0514 NcaSvc - ok 23:05:25.0084 0x0514 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll 23:05:25.0084 0x0514 NcbService - ok 23:05:25.0100 0x0514 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 23:05:25.0100 0x0514 NcdAutoSetup - ok 23:05:25.0115 0x0514 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 23:05:25.0131 0x0514 NDIS - ok 23:05:25.0131 0x0514 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 23:05:25.0131 0x0514 NdisCap - ok 23:05:25.0147 0x0514 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 23:05:25.0147 0x0514 NdisImPlatform - ok 23:05:25.0147 0x0514 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:05:25.0147 0x0514 NdisTapi - ok 23:05:25.0147 0x0514 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio 
C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:05:25.0147 0x0514 Ndisuio - ok 23:05:25.0162 0x0514 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 23:05:25.0162 0x0514 NdisVirtualBus - ok 23:05:25.0162 0x0514 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:05:25.0162 0x0514 NdisWan - ok 23:05:25.0162 0x0514 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:05:25.0178 0x0514 NdisWanLegacy - ok 23:05:25.0178 0x0514 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:05:25.0178 0x0514 NDProxy - ok 23:05:25.0178 0x0514 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 23:05:25.0178 0x0514 Ndu - ok 23:05:25.0194 0x0514 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:05:25.0194 0x0514 NetBIOS - ok 23:05:25.0194 0x0514 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:05:25.0194 0x0514 NetBT - ok 23:05:25.0209 0x0514 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe 23:05:25.0209 0x0514 Netlogon - ok 23:05:25.0209 0x0514 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll 23:05:25.0209 0x0514 Netman - ok 23:05:25.0225 0x0514 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, 
A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 23:05:25.0240 0x0514 netprofm - ok 23:05:25.0240 0x0514 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:05:25.0240 0x0514 NetTcpPortSharing - ok 23:05:25.0256 0x0514 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys 23:05:25.0256 0x0514 netvsc - ok 23:05:25.0334 0x0514 [ 3483D44E1B24F17E622870801403AD13, EF9C5290777A4E277D47C87A174FF9441BE23CAD2F456D35B808463041F4675C ] NETwNe64 C:\WINDOWS\system32\DRIVERS\NETwew00.sys 23:05:25.0381 0x0514 NETwNe64 - ok 23:05:25.0397 0x0514 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 23:05:25.0412 0x0514 NlaSvc - ok 23:05:25.0412 0x0514 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:05:25.0412 0x0514 Npfs - ok 23:05:25.0412 0x0514 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 23:05:25.0412 0x0514 npsvctrig - ok 23:05:25.0412 0x0514 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll 23:05:25.0412 0x0514 nsi - ok 23:05:25.0428 0x0514 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 23:05:25.0428 0x0514 nsiproxy - ok 23:05:25.0459 0x0514 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:05:25.0490 0x0514 
23:05:26.0412 0x0514 [ 9F21A810D819853D7EA8B52182E0042D, 7C36F69CEE10A361D261E39679FCF83B54E44EA7E5BB3B29387AFA89A520344E ] PortmapperService C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe
23:05:26.0412 0x0514 Suspicious file ( Hidden ): C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe. md5: 9F21A810D819853D7EA8B52182E0042D, sha256: 7C36F69CEE10A361D261E39679FCF83B54E44EA7E5BB3B29387AFA89A520344E
23:05:26.0412 0x0514 PortmapperService - detected HiddenFile.Multi.Generic ( 1 )
23:05:30.0597 0x0514 PortmapperService ( HiddenFile.Multi.Generic ) - warning
23:05:30.0597 0x0514 Force sending object to P2P due to detect: PortmapperService
23:05:34.0566 0x0514 Object send P2P result: true
|
30.06.2015, 22:45 | #4 |
| Virus infection Windows 8.1 64 bit Comodo. Urgent, Trojan, already connected to the Internet
Code:
23:05:45.0004 0x0514 Scan was interrupted by user!
23:05:45.0004 0x0514 Waiting for KSN requests completion. In queue: 226
23:05:46.0020 0x0514 Waiting for KSN requests completion. In queue: 226
23:05:47.0036 0x0514 Waiting for KSN requests completion. In queue: 226
23:05:48.0051 0x0514 Waiting for KSN requests completion. In queue: 226
23:05:49.0083 0x0514 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated )
23:05:49.0098 0x0514 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
23:05:49.0098 0x0514 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4591 ), 0x60000 ( disabled : updated )
23:05:49.0098 0x0514 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4591 ), 0x60010 ( disabled )
23:05:49.0114 0x0514 Win FW state via NFP2: enabled
23:05:53.0041 0x0514 ============================================================
23:05:53.0041 0x0514 Scan finished
23:05:53.0041 0x0514 ============================================================
23:05:53.0057 0x0fb0 Detected object count: 1
23:05:53.0057 0x0fb0 Actual detected object count: 1
23:06:19.0183 0x0fb0 PortmapperService ( HiddenFile.Multi.Generic ) - skipped by user
23:06:19.0183 0x0fb0 PortmapperService ( HiddenFile.Multi.Generic ) - User select action: Skip

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by ***** (administrator) on ******* on 30-06-2015 23:01:40 Running from C:\Users\******\Desktop Loaded Profiles: ****** (Available Profiles: ***** & ***** & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Comodo) C:\Program Files (x86)\COMODO\Chromodo\chromodo_updater.exe (Comodo) C:\Program Files (x86)\COMODO\Dragon\dragon_updater.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe (MKS Software Inc.) 
C:\Windows\System32\nutsrv4.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe (AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe (Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-22] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-22] (Lenovo(beijing) Limited) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-02-19] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO) HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => 
"C:\ProgramData\cis5D96.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe [662184 2014-06-17] (AdTrustMedia) HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [14268328 2014-11-06] (Zemana Ltd.) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [ComodoFSFirefox] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /f HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2015-01-24] (Adobe Systems Inc.) HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2015-04-06] (MKS Software Inc.) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-11] (Comodo Security Solutions, Inc.) 
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-06-17] (QFX Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\MountPoints2: {5e4efe84-54b3-11e4-be9f-2089843b3022} - "H:\EasySuite.exe"
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\MountPoints2: {5e4efed8-54b3-11e4-be9f-2089843b3022} - "H:\EasySuite.exe"
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(26).dll [88888 2013-12-12] (Zemana Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-19] (NVIDIA Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(26).dll [81672 2013-12-12] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-19] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-04-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Schnellstart.lnk [2014-05-09]
ShortcutTarget: SolidWorks 2014 Schnellstart.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk [2014-05-09]
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2014-01-08]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\konvicto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-01-27]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1110200231-202011538-1979519991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t.de.msn.com/
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll [2014-06-17] (AdTrustMedia)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll [2014-06-17] (AdTrustMedia)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\nutafun4.dll [164232 2012-10-12] (MKS Software Inc.)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\nutafun4.dll [164232 2012-10-12] (MKS Software Inc.)
Winsock: Catalog9-x64 12 C:\Windows\system32\nutafun4.dll [205624 2012-10-12] (MKS Software Inc.)
Winsock: Catalog9-x64 13 C:\Windows\system32\nutafun4.dll [205624 2012-10-12] (MKS Software Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27BFD224-FAA4-4867-A976-7FAFE5B30176}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{27BFD224-FAA4-4867-A976-7FAFE5B30176}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{593BCFC9-08FB-4176-A218-33BF49636B06}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{593BCFC9-08FB-4176-A218-33BF49636B06}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\konvicto\AppData\Roaming\Mozilla\Firefox\Profiles\h4ij53us.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @ptc.com/IsoView -> C:\Program Files (x86)\Common Files\PTC\npisoview.dll [2014-10-29] (PTC Inc.)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll [2014-10-29] (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1110200231-202011538-1979519991-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\konvicto\AppData\Roaming\Mozilla\Firefox\Profiles\h4ij53us.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-19]
FF Extension: DownThemAll! - C:\Users\konvicto\AppData\Roaming\Mozilla\Firefox\Profiles\h4ij53us.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-21]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-24]

Chrome:
=======
CHR Profile: C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-15]
CHR Extension: (Google Drive) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-15]
CHR Extension: (YouTube) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-15]
CHR Extension: (PrivDog) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-06-15]
CHR Extension: (Google Search) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-15]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-30]
CHR Extension: (Google Wallet) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15]
CHR Extension: (Gmail) - C:\Users\konvicto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-15]
CHR HKU\S-1-5-21-1110200231-202011538-1979519991-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Users\konvicto\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-04-15] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-17] (Broadcom Corporation.)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1995448 2015-05-25] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-06-11] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-11] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-02-19] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 impi_smpd; C:\Program Files\PTC\Creo 3.0\M030\Common Files\x86e_win64\cma\Bin\IntelMPI\smpd-intel-4.0.3.009-x64.exe [1611168 2015-04-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NuTCRACKERService; C:\WINDOWS\system32\nutsrv4.exe [574776 2015-04-06] (MKS Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-02-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-02-19] (NVIDIA Corporation)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [499712 2015-04-06] (PTC Inc.) [File not signed]
R2 Privacy Content Firewall; C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe [2059392 2015-02-26] (AdTrustMedia)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-05-09] (SolidWorks) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-12] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-03-12] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 admnfd; C:\WINDOWS\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider)
R1 AntiLog32; C:\WINDOWS\system32\drivers\AntiLog64.sys [49752 2014-11-11] (Zemana Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-02-26] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-23] (Disc Soft Ltd)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-12-12] (Zemana Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-19] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8229264 2012-09-28] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-10] (Microsoft Corporation)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 23:01 - 2015-06-30 23:01 - 00030962 _____ C:\Users\konvicto\Desktop\FRST.txt
2015-06-30 23:01 - 2015-06-30 23:01 - 00000000 ____D C:\FRST
2015-06-30 23:00 - 2015-06-30 23:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\konvicto\Desktop\tdsskiller.exe
2015-06-30 23:00 - 2015-06-30 23:00 - 02112512 _____ (Farbar) C:\Users\konvicto\Desktop\FRST64.exe
2015-06-28 21:28 - 2015-06-28 21:28 - 00001136 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-28 21:27 - 2015-06-28 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-28 21:27 - 2015-06-28 21:27 - 00000000 ____D C:\Users\konvicto\AppData\Roaming\Avira
2015-06-28 21:26 - 2015-06-28 21:28 - 00000000 ____D C:\ProgramData\Avira
2015-06-28 21:26 - 2015-06-28 21:28 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-28 21:26 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-28 21:26 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-28 21:26 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-06-28 21:26 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-06-28 21:18 - 2015-06-28 21:20 - 226530192 _____ C:\Users\konvicto\Desktop\avira_antivirus_579de-de.exe
2015-06-28 20:51 - 2015-06-28 20:51 - 00000416 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2015-06-28 20:50 - 2015-06-28 20:50 - 00000000 __SHD C:\found.000
2015-06-28 20:00 - 2015-06-28 20:00 - 00001138 _____ C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-06-28 20:00 - 2015-06-28 20:00 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-06-28 19:39 - 2015-06-28 19:41 - 226607624 _____ (COMODO) C:\Users\konvicto\Desktop\cispremium_installer_6100_08.exe
2015-06-14 02:37 - 2015-06-14 02:37 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-14 02:37 - 2015-06-14 02:37 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-14 02:37 - 2015-06-14 02:37 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-14 02:37 - 2015-06-14 02:37 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-14 02:37 - 2015-06-14 02:37 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-14 02:37 - 2015-06-14 02:37 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-14 02:37 - 2015-06-14 02:37 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-14 02:37 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 22:23 - 2015-06-10 22:23 - 00105760 _____ (QFX Software Corporation) C:\WINDOWS\system32\KeyScramblerLogon.dll
2015-06-10 20:38 - 2015-06-10 20:38 - 00001985 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-06-09 22:18 - 2015-06-09 22:18 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 22:18 - 2015-06-09 22:18 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 22:18 - 2015-06-09 22:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 22:18 - 2015-06-09 22:18 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 22:18 - 2015-06-09 22:18 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 22:18 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 22:18 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-06 11:26 - 2015-06-06 11:26 - 00000000 ____D C:\Users\konvicto\Documents\HERMA
2015-06-06 11:26 - 2015-06-06 11:26 - 00000000 ____D C:\Users\konvicto\AppData\Local\HERMA
2015-06-06 11:21 - 2015-06-06 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HERMA
2015-06-06 11:21 - 2015-06-06 11:21 - 00000000 ____D C:\Program Files (x86)\HERMA
2015-06-05 15:36 - 2015-06-05 15:36 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 15:36 - 2015-06-05 15:36 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-04 00:40 - 2015-06-06 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 23:36 - 2015-06-01 23:36 - 00000000 ____D C:\Users\konvicto\AppData\Local\GWX
2015-06-01 23:23 - 2015-06-01 23:27 - 00000000 ____D C:\Users\konvicto\Desktop\Steuererklärung
2015-05-31 01:05 - 2015-06-19 19:08 - 00000000 ____D C:\Users\konvicto\Desktop\Widerspruch & Rechtstreit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 23:00 - 2014-01-09 17:19 - 00000000 __RDO C:\Users\konvicto\SkyDrive
2015-06-30 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-30 22:58 - 2015-02-03 20:16 - 01939817 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-30 22:57 - 2015-05-23 18:43 - 00009048 _____ C:\WINDOWS\setupact.log
2015-06-30 22:57 - 2015-01-13 15:29 - 00000000 ____D C:\Users\konvicto\AppData\Roaming\AdTrustMedia
2015-06-30 22:57 - 2014-06-15 13:31 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 22:57 - 2014-01-08 12:12 - 00000000 ____D C:\ProgramData\Adtrustmedia
2015-06-30 22:57 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-30 00:08 - 2014-06-15 13:31 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 23:56 - 2014-03-11 11:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-29 23:52 - 2013-04-20 09:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1110200231-202011538-1979519991-1001
2015-06-29 23:48 - 2013-11-14 09:26 - 02447902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-29 23:48 - 2013-11-14 09:11 - 01161892 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-29 23:48 - 2013-11-14 09:11 - 00296500 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-29 22:17 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-28 21:56 - 2014-01-09 17:04 - 00000000 ____D C:\Users\konvicto
2015-06-28 21:48 - 2015-05-27 22:51 - 00204784 _____ C:\WINDOWS\PFRO.log
2015-06-28 21:28 - 2014-10-25 15:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 21:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-28 20:51 - 2015-01-15 13:06 - 00000000 ____D C:\Users\Silver\AppData\Roaming\AdTrustMedia
2015-06-28 20:51 - 2013-05-01 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-06-28 20:26 - 2013-05-01 20:40 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-28 20:24 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-28 20:09 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-28 20:00 - 2013-05-01 20:39 - 00000000 ____D C:\Users\konvicto\AppData\Local\Comodo
2015-06-28 20:00 - 2013-05-01 20:35 - 00000000 ____D C:\Program Files (x86)\COMODO
2015-06-28 19:33 - 2014-02-14 13:46 - 00000000 ____D C:\ProgramData\Oracle
2015-06-28 19:32 - 2015-01-29 22:33 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-28 19:32 - 2014-10-20 20:09 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-28 19:32 - 2014-10-20 20:09 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-28 19:32 - 2014-07-18 15:53 - 00000000 ____D C:\Program Files\Java
2015-06-28 03:28 - 2015-02-15 12:51 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-28 03:28 - 2013-04-19 21:53 - 00299692 ____N C:\WINDOWS\Minidump\062815-9203-01.dmp
2015-06-25 21:21 - 2014-04-30 13:09 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-25 21:21 - 2014-04-30 13:09 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-23 21:57 - 2014-03-11 11:08 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-06-22 23:08 - 2014-06-15 13:32 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-21 11:30 - 2014-01-09 18:23 - 00003336 _____ C:\WINDOWS\Sandboxie.ini 2015-06-20 13:45 - 2015-04-19 19:34 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-20 13:45 - 2015-04-19 19:30 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-20 13:45 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-20 13:44 - 2013-04-19 21:53 - 00297132 ____N C:\WINDOWS\Minidump\062015-9640-01.dmp 2015-06-19 00:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-18 00:28 - 2014-01-08 12:29 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-18 00:25 - 2013-04-22 21:58 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-17 23:06 - 2013-04-23 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler 2015-06-17 23:06 - 2013-04-23 22:16 - 00000000 ____D C:\Program Files (x86)\KeyScrambler 2015-06-14 02:37 - 2013-11-14 09:21 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-06-14 00:22 - 2013-04-19 21:53 - 00295558 ____N C:\WINDOWS\Minidump\061415-8296-01.dmp 2015-06-11 22:11 - 2014-01-08 12:25 - 00002059 _____ C:\Users\Public\Desktop\GeekBuddy.lnk 2015-06-11 21:57 - 2014-01-08 12:12 - 00020874 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-06-11 21:57 - 2013-04-19 21:53 - 00296240 ____N C:\WINDOWS\Minidump\061115-8640-01.dmp 2015-06-10 09:26 - 2013-08-22 16:44 - 00437096 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-10 09:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 09:24 - 2013-04-19 21:53 - 00296808 ____N C:\WINDOWS\Minidump\061015-8187-01.dmp 2015-06-06 18:06 - 2013-05-01 01:06 - 00000000 ____D 
C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-06 11:18 - 2013-04-23 21:34 - 00000000 ____D C:\Users\konvicto\Desktop\Programme 2015-06-06 00:50 - 2013-04-19 21:53 - 00294128 ____N C:\WINDOWS\Minidump\060615-8734-01.dmp 2015-06-05 15:36 - 2013-04-25 11:05 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys 2015-06-05 15:36 - 2013-04-15 18:38 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys 2015-06-05 15:34 - 2013-04-23 15:04 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-06-05 15:34 - 2013-04-23 15:04 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-06-05 15:34 - 2013-04-15 18:38 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll 2015-06-05 15:33 - 2013-04-15 18:38 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll 2015-06-05 15:32 - 2013-04-15 18:38 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll 2015-06-05 15:31 - 2013-04-15 18:38 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll 2015-06-05 15:31 - 2013-04-15 18:38 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll 2015-06-03 15:43 - 2013-04-23 22:16 - 00224208 _____ (QFX Software Corporation) C:\WINDOWS\system32\Drivers\keyscrambler.sys 2015-06-01 23:20 - 2015-05-25 18:02 - 00000575 _____ C:\WINDOWS\wiso.ini 2015-06-01 23:20 - 2015-05-25 18:02 - 00000000 ____D C:\Program Files (x86)\Steuer 2014 2015-06-01 23:14 - 2014-02-20 18:21 - 00000000 ____D C:\Users\konvicto\Desktop\Auszüge 2015-05-31 18:12 - 2015-04-04 09:11 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-05-31 18:12 - 2015-04-04 09:11 - 00000000 ___SD C:\WINDOWS\system32\GWX ==================== Files in the root of some directories ======= 2015-03-22 20:39 - 2015-03-22 20:39 - 0002133 _____ () C:\Users\konvicto\AppData\Local\recently-used.xbel 2013-04-22 23:10 - 2013-04-22 23:10 - 0009650 _____ () C:\Users\konvicto\AppData\Local\WiDiSetupLog.20130422.231036.txt 2013-05-01 19:12 - 2013-05-01 19:12 - 0000057 _____ () C:\ProgramData\Ament.ini 
2013-04-22 22:44 - 2013-04-22 22:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\konvicto\AppData\Local\Temp\avgnt.exe
C:\Users\konvicto\AppData\Local\Temp\jre-8u45-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-29 23:52

==================== End of log ============================
30.06.2015, 22:49 | #5 |
| Virus infection, Windows 8.1 64 bit, Comodo. Urgent: Trojan, already connected to the Internet
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by konvicto at 2015-06-30 23:02:13
Running from C:\Users\konvicto\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1110200231-202011538-1979519991-500 - Administrator - Disabled)
Gast (S-1-5-21-1110200231-202011538-1979519991-501 - Limited - Disabled)
***** (S-1-5-21-1110200231-202011538-1979519991-1001 - Administrator - Enabled) => C:\Users\*****
***** (S-1-5-21-1110200231-202011538-1979519991-1005 - Limited - Enabled) => C:\Users\*****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: COMODO Firewall (Disabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) AgenaTrader V1.5.6.1 (HKLM\...\AgenaTrader) (Version: 1.5.6.1 - Include IT GmbH) AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.) AntiLogger (x32 Version: 1.9.3.527 - Zemana Ltd.) Hidden Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 11 v.11.00.60 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG) BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies) Business English Wortschatztrainer 5.0 (HKLM-x32\...\{9014D8FC-388A-435A-BED1-B268E5490B7F}) (Version: 5.0.0 - Langenscheidt) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Chromodo (HKLM-x32\...\Chromodo) (Version: 42.1.2.91 - Comodo) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 43.3.3.185 - Comodo) COMODO Internet Security Premium (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 6.1.14723.2813 - COMODO Security Solutions Inc.) 
Creo Direct Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Direct Version 2.0 Datecode [M120]) (Version: 2.0 - PTC) Creo Layout Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Layout Version 2.0 Datecode [M120]) (Version: 2.0 - PTC) Creo Parametric Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Parametric Version 2.0 Datecode [M120]) (Version: 2.0 - PTC) Creo Platform 2.36 (HKLM-x32\...\{BB175478-4D65-42E7-AC13-60F8389E243B}) (Version: 2.36.0 - PTC) Creo Simulate Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Simulate Version 2.0 Datecode [M120]) (Version: 2.0 - PTC) CrystalDiskInfo 6.1.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.1 - Crystal Dew World) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo) Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden EtikettenAssistent 4.2 (HKLM-x32\...\{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}) (Version: 4.2.1 - HERMA) Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated) GeekBuddy (HKLM-x32\...\{8402D61C-609B-4FA3-B86D-21868D850821}) (Version: 4.19.137 - Comodo Security Solutions Inc) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{89D2FA50-6002-4AFB-8586-3E38B355E891}) (Version: 15.05.2000.1462 - Intel Corporation) Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.) KeyCrypt SDK version 1.7.1.323 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.7.1.323 - Zemana Ltd.) 
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.7.0.0 - QFX Software Corporation) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10189 - Realtek Semiconductor Corp.) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) MetaTrader 4 (HKLM-x32\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.) MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyFreeCodec (HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\MyFreeCodec) (Version: - ) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) 
PDF-XChange Editor (HKLM\...\{F2624B27-EAF4-4398-B5AE-50B2F1C3650C}) (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.) PDF-XChange Editor (HKLM-x32\...\{adf3cd24-de91-4df3-a8dd-5992c689cb75}) (Version: 5.5.310.0 - Tracker Software Products (Canada) Ltd.) PeaZip 5.5.3 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) PrivDog (HKLM\...\{C01D249F-23DA-45B1-A5FF-12ECD647D5C6}) (Version: 3.0.108.0 - PrivDog.com) PrivDog 2 Legacy Browser Plug-ins (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com) PTC Creo Direct Version 3.0 Datecode [M030] (HKLM-x32\...\PTC Creo Direct Version 3.0 Datecode [M030]) (Version: 3.0 - PTC) PTC Creo Layout Version 3.0 Datecode [M030] (HKLM-x32\...\PTC Creo Layout Version 3.0 Datecode [M030]) (Version: 3.0 - PTC) PTC Creo Parametric Version 3.0 Datecode [M030] (HKLM-x32\...\PTC Creo Parametric Version 3.0 Datecode [M030]) (Version: 3.0 - PTC) PTC Creo Platform Agent 3.96 (HKLM-x32\...\{8CD6BE35-0B81-4528-BA2E-4A73ED30F573}) (Version: 3.96.0 - PTC) PTC Creo Simulate Version 3.0 Datecode [M030] (HKLM-x32\...\PTC Creo Simulate Version 3.0 Datecode [M030]) (Version: 3.0 - PTC) PTC Creo Thumbnail Viewer 3.0 (HKLM\...\{31D4219E-F0C8-4471-9E9A-4B5A7DF30BE0}) (Version: 31.14.500 - PTC) PTC Creo View Express 3.0 (HKLM\...\{8D3C0B3F-0830-413A-BF5C-24BCDCF58547}) (Version: 10.2.30.26 - PTC) PTC Portmapper Version 2.0 Datecode [M120] (HKLM-x32\...\PTC Portmapper Version 2.0 Datecode [M120]) (Version: 2.0 - PTC) PTC Quality Agent (HKLM-x32\...\{CE7DF7C9-82FC-4E33-9E1E-D5C024A0EECE}) (Version: 2.0.0.0 - PTC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) 
Samsung Kies3 (x32 Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) Hidden Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation) SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden SolidWorks 2014 x64 German Resources (Version: 22.120.40 - SolidWorks Corporation) Hidden SolidWorks Composer Player 2014 SP02 x64 Edition (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden SolidWorks Explorer 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden SolidWorks Plastics 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.) 
Startup TOOLS - SE Creo 2.0 M030 (HKLM-x32\...\Startup TOOLS - SE Creo 2.0) (Version: M030 - INNEO Solutions GmbH)
Steuer 2014 (HKLM-x32\...\{2EE860C7-4551-479F-AF01-328B8AA46051}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
Tabellenbuch Metall 7.0 (HKLM-x32\...\Tabellenbuch Metall 7.0) (Version: 7.0 - Verlag Europa-Lehrmittel)
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version: - )
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vokabeltrainer-Update 5.0.33 (HKLM-x32\...\{9E493105-122C-4F96-9773-B5161001198E}) (Version: 5.0.33 - Langenscheidt)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

09-06-2015 23:29:58 Windows Update
18-06-2015 00:24:40 Geplanter Prüfpunkt
25-06-2015 23:11:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-01-24 03:48 - 00001431 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CE2CA0-7ACC-450C-A361-942E8DED4102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.)
Task: {03D26AF3-E6FE-45F0-AA90-325237D0433C} - System32\Tasks\{86E731AA-9CE3-477A-A458-AC78EC532FAA} => pcalua.exe -a E:\CD_Start.exe -d E:\ Task: {0F7EE5DD-B3B6-40AE-858D-2E6F03848F2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {11587CEA-D1BB-45CE-9722-9C0E2FFF462F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {27A081E1-010B-406A-8888-2ABE7FCFF58E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] () Task: {291E93E5-3268-467D-B289-D6EE0AF18875} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {389121ED-9676-4FF1-AB17-C683FFB43CF0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-13] (Safer-Networking Ltd.) 
Task: {3E5D5D6F-E9BF-47E8-89DE-3EF898F043A9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated) Task: {52E769C0-7C73-4285-B2C2-3C0A1ED39197} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO) Task: {54571B49-2BB9-4A5D-B65F-523E9F95FC71} - System32\Tasks\Desktop-Autostart => C:\WINDOWS\explorer.exe [2015-03-10] (Microsoft Corporation) Task: {5830F274-0679-415E-AF75-6F479771C76E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft) Task: {5BACE217-882D-41C3-B72A-60158AF51295} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-18] (Microsoft Corporation) Task: {769CB481-4865-4173-A9D6-81F1EF4D594B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {8F1A2DC4-BA4D-4041-8E20-BE5665816FDC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {9AF99BBD-80F4-4F24-8220-64D1FB9E9C04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-15] (Google Inc.) 
Task: {A9AA6638-B150-4D98-B816-81D94644D900} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {AC17A008-A332-4F62-AD4E-6D283032EFC8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO) Task: {B4FE0026-0E6E-48E4-8C55-23E1D9FCABEB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO) Task: {B620DC34-D6E7-406F-AECD-B917F06E79D0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {B9A37B5B-8EEC-46B4-BEE5-7FC03E663A56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {C459E3FA-B764-48E7-A650-96C0EA4A002B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO) Task: {D22AAD05-DE11-4C3A-848A-2118AAA92309} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-11-13] (Safer-Networking Ltd.) 
Task: {E346FF56-8A39-48B6-A9C6-86A2EAEC0068} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {E52DE137-1D46-4389-BA35-4D03E83EE4C7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {E73A7E60-28ED-4FCD-8E31-7361A0BC9AC6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {E95C2047-DF84-426D-9593-173C386FE319} - System32\Tasks\One-Click Optimizer WO11 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\wo11.exe [2015-04-03] (Ashampoo Development GmbH & Co. KG)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis5D96.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-09 17:03 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-17 10:23 - 2012-08-17 10:23 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 01969280 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\UtilsDll.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 00108160 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\Plugins\nfapi.dll
2015-02-25 23:45 - 2015-02-25 23:45 - 00054784 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\DisableBrowserExtensions.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 00554112 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\Plugins\ProtocolFilters.dll
2015-06-28 21:04 - 2015-06-28 21:04 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-05-10 13:51 - 2013-10-29 14:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2013-04-24 22:09 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-24 22:09 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-24 22:09 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-24 22:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-24 22:09 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-12-17 16:11 - 2014-12-17 16:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-12-17 16:11 - 2014-12-17 16:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-06-01 10:46 - 2015-06-01 10:46 - 02254528 _____ () C:\Program Files (x86)\COMODO\GeekBuddy\QtCore4.dll
2015-06-01 10:46 - 2015-06-01 10:46 - 00976064 _____ () C:\Program Files (x86)\COMODO\GeekBuddy\QtNetwork4.dll
2013-04-24 22:09 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-05-10 13:51 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2015-06-22 23:08 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 23:08 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2014-10-16 21:34 - 2014-10-16 21:34 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: 
C:\WINDOWS\system32\efssvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\embeddedapplauncher.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\fsavailux.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsquirt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpscript.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iisreset.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iisrstap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iisRtl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\imapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\LocationApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logoff.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\mapistub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID AlternateDataStreams: 
30.06.2015, 22:51 | #6 |
| Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet
Code:
C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrptadm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srmshell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srmstormod.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srmtrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srm_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SrpUxNativeSnapIn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\sxproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tscfgwmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tscon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsdiscon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tskill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprefcl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID |
30.06.2015, 22:52 | #7 |
| Virus infection, Windows 8.1 64 bit, Comodo. Urgent: Trojan, already connected to the Internet
Code:
C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nutlcp110.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvd3dum.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvinit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglshim32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvumdshim.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nvwgf2um.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID 
C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\csc.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvpciflt.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rfcomm.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\serscan.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\konvicto\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\konvicto\Desktop\fahrzeug_781910_2015-01-14_11-31-45_6118.pdf:$CmdTcID
AlternateDataStreams: C:\Users\konvicto\Desktop\fahrzeug_781910_2015-01-14_11-31-45_6118.pdf:$CmdZnID
AlternateDataStreams: C:\Users\konvicto\Desktop\kahlmeyer.pdf:$CmdTcID
AlternateDataStreams: C:\Users\konvicto\Desktop\kahlmeyer.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\123simsen.com -> www.123simsen.com

There are 7812 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1110200231-202011538-1979519991-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\konvicto\Desktop\Wallpaper\Reise\Wallpaper 1080p Full HD Download.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Schnellstart.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Hintergrund-Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1110200231-202011538-1979519991-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{43A962B2-85EA-4558-B079-CA491833DB10}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{71E3B58F-72F0-4C8B-84DA-D39EBE8BBE36}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{12DAED46-335B-4277-AE00-2FF176DD8C0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4D86CC12-E3C8-4732-837F-024444852702}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{6CF2014A-E00F-4DA2-BEDF-295E82E904E9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{B63C57BD-369D-498B-AFF3-32949816513D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{29DB8F0E-BEDD-492A-942A-600CD12E4ADC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{AD4AAAE2-7BF9-4F8A-BFD1-C45A65BE4DE0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{48B261AF-88FD-455A-ABAA-4325B3621ED4}C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe] => (Allow) C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe
FirewallRules: [UDP Query User{D8F62434-1336-4A1C-A6A3-8D686FABE23C}C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe] => (Allow) C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe
FirewallRules: [TCP Query User{39639FF8-1F70-42FE-9074-8BF0AB195A72}C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe] => (Allow) C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe
FirewallRules: [UDP Query User{D54A4EFD-724C-41D1-9096-69E5CA51BE8D}C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe] => (Allow) C:\users\konvicto\desktop\candisoft_load_0.7.4\load.exe
FirewallRules: [{60F9B2E7-E99A-4EA8-84AC-E5E911BC752C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F0DAA14B-F1D7-43C8-B023-AF2FC7562054}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E224BE8-2604-4066-A53A-22E40592F8B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EA48FBC8-18BB-48C1-9251-098D62EE7B7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{725DBC33-3960-4818-AD6D-FF0AD695C68D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{451519C7-4FA6-4E42-8049-6AA8CBCF1BBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B344C5D8-0A8C-4BE0-94F8-E0D4B7A80C10}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{CA371FBD-2B77-458E-B7CF-D24F4386D6E8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{65B4093D-4C09-4106-B22B-E897DD1F4915}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{C19E4766-63F7-4AB4-A04B-85BAFC77F522}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{58E43D0F-AC90-45CD-B434-75ABFE4C6DAB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{4B76563C-A6E8-41BC-B533-86B3F9F4CB41}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{3D3785CE-71BA-4C53-ACB9-E552F144DCB7}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{50DC72CD-7952-4CF7-AA12-6ABFBCF5BAF0}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{B3F6AB69-11F4-4C99-B28C-DBC65B37835D}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{0C901E50-A7FF-487D-815C-376434695D46}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{5A61E5F0-9BEF-410A-AA39-559EDB0A8188}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{AD73B0FF-533E-4402-9BFE-C704F0789A4A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A29315D0-9E76-4087-9BF6-D68997353593}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{411336F9-BE63-4A3D-8F99-DF4F0687B974}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{EEC7E267-5611-4B36-A08E-CE9F49A7330A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68C1C6F9-7360-44FE-9463-634EF88A8364}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6C37555C-97DC-46BF-892A-4A5A20935F81}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F581BA72-8F29-493F-B56A-30171554A53F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{273A9D59-7767-41BA-A925-A3A2485F5C34}] => (Allow) C:\Program Files\PTC\Creo 3.0\View Express\i486_nt\obj\productview.exe
FirewallRules: [TCP Query User{7850A4B0-CBE5-4135-838D-144D85CDFD24}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\cma\bin\intelmpi\smpd-intel-4.0.3.009-x64.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\cma\bin\intelmpi\smpd-intel-4.0.3.009-x64.exe
FirewallRules: [UDP Query User{11ADF852-694B-486B-A986-B7CC453D7882}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\cma\bin\intelmpi\smpd-intel-4.0.3.009-x64.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\cma\bin\intelmpi\smpd-intel-4.0.3.009-x64.exe
FirewallRules: [TCP Query User{E01DB0F0-7EED-4ACC-A928-711C0E7DE882}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\xtop.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\xtop.exe
FirewallRules: [UDP Query User{3871DC0C-9F66-4E69-8706-63F3684437B6}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\xtop.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\xtop.exe
FirewallRules: [TCP Query User{BF40BAFE-74F8-4908-AECC-729E0D96BFF3}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\nms\nmsd.exe
FirewallRules: [UDP Query User{DD0A994C-6932-4F25-9200-633331E65D41}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\nms\nmsd.exe
FirewallRules: [TCP Query User{3E7CDDB4-1479-40B4-B1A7-CC960D47CAB5}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [UDP Query User{46A36403-C658-4E86-8EB9-C66B41A94132}C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 3.0\m030\common files\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [TCP Query User{5452288D-7FF3-4D15-97D4-7B332643CF2E}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [UDP Query User{151F8491-F36E-4674-8690-6C3119215152}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [TCP Query User{E4229AC7-2EAF-41D7-B2DF-43D1234575F6}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [UDP Query User{A59C0F80-251E-44DA-90D7-4AAD28349CA0}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [TCP Query User{B248A065-9522-44A1-BF0E-7D6D89AB7614}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [UDP Query User{F97B9E15-B69F-4992-86FB-0FFA2966E77C}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [TCP Query User{F58DBD0A-D2AC-490B-9565-B2BA9C042398}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [UDP Query User{FEDE2359-3B5D-40EF-B3E6-142EF4460C06}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [TCP Query User{6F963710-BFF3-4A88-954D-CE102BBE78F6}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [UDP Query User{4A1AEED1-C688-4AE7-A174-88A8B18715A5}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [TCP Query User{95E6898E-59F6-48D4-8177-C507085C1C71}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [UDP Query User{7D291F6A-8E93-46DF-9951-4E4D426356F8}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [{E41F1BEB-FF26-4E7E-A601-9AAEAD36450A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{2ED3F41C-7A80-40EB-BCD6-94C31A79D8C8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{82FDDD12-3C2E-4695-A7DD-5A75B602DF66}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 10:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: unit.exe, Version: 4.0.0.0, Zeitstempel: 0x556c056a
Name des fehlerhaften Moduls: cryptnet.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503d64
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000c0af
ID des fehlerhaften Prozesses: 0x1b28
Startzeit der fehlerhaften Anwendung: 0xunit.exe0
Pfad der fehlerhaften Anwendung: unit.exe1
Pfad des fehlerhaften Moduls: unit.exe2
Berichtskennung: unit.exe3
Vollständiger Name des fehlerhaften Pakets: unit.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: unit.exe5

Error: (06/30/2015 10:58:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1140) SUS20ClientDataStore: Bei Überprüfung der aus Datei "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" bei Offset 9797632 (0x0000000000958000) (Datenbankseite wuaueng.dll0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [00610050002d0074:0065003400360033:0061007e00350033:003400360064006d], die berechnete Prüfsumme [0000012a89bacdfb:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (06/30/2015 10:57:17 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (06/29/2015 11:52:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (06/29/2015 11:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: unit.exe, Version: 4.0.0.0, Zeitstempel: 0x556c056a
Name des fehlerhaften Moduls: unity_core.dll, Version: 4.0.0.0, Zeitstempel: 0x556c053c
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00019e58
ID des fehlerhaften Prozesses: 0x18b8
Startzeit der fehlerhaften Anwendung: 0xunit.exe0
Pfad der fehlerhaften Anwendung: unit.exe1
Pfad des fehlerhaften Moduls: unit.exe2
Berichtskennung: unit.exe3
Vollständiger Name des fehlerhaften Pakets: unit.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: unit.exe5

Error: (06/29/2015 11:40:49 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (06/29/2015 10:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000ec17b
ID des fehlerhaften Prozesses: 0x45c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (06/29/2015 10:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: unit.exe, Version: 4.0.0.0, Zeitstempel: 0x556c056a
Name des fehlerhaften Moduls: unity_core.dll, Version: 4.0.0.0, Zeitstempel: 0x556c053c
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00019e58
ID des fehlerhaften Prozesses: 0x1af4
Startzeit der fehlerhaften Anwendung: 0xunit.exe0
Pfad der fehlerhaften Anwendung: unit.exe1
Pfad des fehlerhaften Moduls: unit.exe2
Berichtskennung: unit.exe3
Vollständiger Name des fehlerhaften Pakets: unit.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: unit.exe5

Error: (06/29/2015 10:20:59 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (06/29/2015 10:16:10 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x81000204.

System errors:
=============
Error: (06/30/2015 10:59:31 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:30 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:30 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:29 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:29 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:28 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:27 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:27 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:26 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/30/2015 10:59:26 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Microsoft Office:
=========================
Error: (06/30/2015 10:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: unit.exe4.0.0.0556c056acryptnet.dll6.3.9600.1741554503d64c00000050000c0af1b2801d0b3776bc8e81aC:\Program Files (x86)\COMODO\GeekBuddy\unit.exeC:\WINDOWS\SYSTEM32\cryptnet.dllb6b49ec4-1f6a-11e5-bef0-2089843b3022

Error: (06/30/2015 10:58:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll1140SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb9797632 (0x0000000000958000)32768 (0x00008000)-1018 (0xfffffc06)[00610050002d0074:0065003400360033:0061007e00350033:003400360064006d][0000012a89bacdfb:0000000000000000:0000000000000000:0000000000000000]298 (0x12A)

Error: (06/30/2015 10:57:17 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (06/29/2015 11:52:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter.
(0x80070057)

Error: (06/29/2015 11:42:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: unit.exe4.0.0.0556c056aunity_core.dll4.0.0.0556c053cc00001a500019e5818b801d0b2b481996054C:\Program Files (x86)\COMODO\GeekBuddy\unit.exeC:\Program Files (x86)\COMODO\GeekBuddy\unity_core.dllc93ff5bb-1ea7-11e5-beef-9c4e369e2804

Error: (06/29/2015 11:40:49 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (06/29/2015 10:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000000500000000000ec17b45c01d0b2a91b167952C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll7699010b-1e9c-11e5-beee-9c4e369e2804

Error: (06/29/2015 10:21:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: unit.exe4.0.0.0556c056aunity_core.dll4.0.0.0556c053cc00001a500019e581af401d0b2a92f61d300C:\Program Files (x86)\COMODO\GeekBuddy\unit.exeC:\Program Files (x86)\COMODO\GeekBuddy\unity_core.dll76969ea9-1e9c-11e5-beee-9c4e369e2804

Error: (06/29/2015 10:20:59 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (06/29/2015 10:16:10 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x81000204

CodeIntegrity Errors:
===================================
Date: 2015-06-28 20:17:04.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-28 20:09:53.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-28 20:09:50.611
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-28 20:09:50.131
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-28 19:59:11.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-28 19:52:24.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-28 19:42:12.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-28 19:35:35.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-28 19:24:00.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-28 19:14:29.834
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16286.35 MB
Available physical RAM: 13968.22 MB
Total Pagefile: 17310.35 MB
Available Pagefile: 14600.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:84.13 GB) NTFS
Drive d: (Volume) (Fixed) (Total:930.43 GB) (Free:930.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 45AE2D12)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C3FFC3FF)
Partition 1: (Not Active) - (Size=930.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1.1 GB) - (Type=12)

==================== End of log ============================ |
01.07.2015, 12:49 | #8 |
/// TB-Ausbilder | Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet You have at least one piece of illegal/cracked software on your computer: Adobe Acrobat XI Pro Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system. |
05.07.2015, 11:44 | #9 |
/// TB-Ausbilder | Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet No response. This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |
05.07.2015, 15:25 | #10 |
| Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hello, I have now uninstalled Adobe. I got it from an acquaintance back then. Could the help then continue, since my computer has now been infected for quite a while and every Internet connection causes even more damage? I have again pasted the required code into a Scan.txt and attached it. |
05.07.2015, 19:02 | #11 |
/// TB-Ausbilder | Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper |
06.07.2015, 22:04 | #12 |
| Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hello Matthias, I am getting desperate. The scan with Malwarebytes aborts at the same point every time, so that I have to do a hard reset or restart. It behaves exactly as with all the other antivirus programs that I installed afterwards. After a few minutes of scanning, nothing works any more. In Task Manager I regularly notice that, when I open it, over 50% load is shown briefly and then immediately drops back to 12%. That is quite conspicuous. Recently, after what felt like 100 scan attempts (also in safe mode), I left Task Manager open shortly before the crash. The notebook then crashed when the system load for Malwarebytes and everything else was first at zero percent and later briefly rose to over 50%. By the way, the attached image is a screenshot of what Malwarebytes displays at startup. Could you tell from the previous logs which virus it is and how much damage has already been done? Have any data, videos, etc. already been recorded, or credentials stolen from the browser history? Regards, Reinhold |
07.07.2015, 15:16 | #13 |
/// TB-Ausbilder | Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hi, why do you keep plastering your computer with more and more AV programs? So first, please uninstall two AV programs: Multiple anti-virus programs Code:
Comodo Kaspersky Avira
Report which anti-virus program you have decided on. Then please run TDSS-Killer and FRST again: Please download TDSSKiller.exe and save this file to the desktop
|
07.07.2015, 20:07 | #14 |
| Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hello, attached are the new logs. I had to add an antivirus because Comodo no longer works due to the virus infection. I have therefore decided on Kaspersky. Comodo cannot be uninstalled because of an error message, probably due to the DLL that I posted as an image in my previous post. Can you explain to me what you see in the log files with regard to the virus infection? And what happens next? Malwarebytes does not work either, since the scan is interrupted by the virus. |
08.07.2015, 15:04 | #15 |
/// TB-Ausbilder | Virus infection Windows 8.1 64 bit Comodo. Urgent: Trojan, already connected to the Internet Hi, please read my last post again... you are supposed to post three log files... |