Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spam - Mails mit meinem Absender an mein Adressbuch

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.04.2016, 01:30   #16
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Code:
ATTFilter
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\browserMon.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DellProf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Desktop\12522962_10153973378988397_8495080215363569311_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\03. Niggaz 4 Life (1).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\09, Real Niggaz.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013121.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013122.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013123.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10406489_751444694945707_2351825098231273560_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10599408_603713349730786_8167908917899286016_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11042191_856791301060381_1896024161_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11312624_900364740036370_7501947428853969037_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11334342_900364833369694_638369278_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11420154_940680132638122_1265323655_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\13866161251880.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20070401.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_221640.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_224325.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192401.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192407.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_202536.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150121_090143.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181825.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181834.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181857.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181859.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150513.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150521.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150544.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_173511.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174837.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174850.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174902.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130627.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\32754_1600x1200-wallpaper-cb1322759774.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\4390269_Rechnung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\A Letter from Pat Parelli.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA28561775.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398 (1).PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb. (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb..pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AdwCleaner_5.112.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\AdwCleaner_5.112.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AGB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Anmeldung_draussenzeit_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226101228.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102236.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102355.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102600.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102919.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103007.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103202.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103252.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103328.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103550.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104012.zip:$CmdZnID [26]
         

Alt 27.04.2016, 01:36   #17
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Hatte einige Tage kein Netz, sorry, dass ich mich nicht gemeldet habe.

Hätte ich FRST nochmal updaten müssen?
Egal, ich poste es jetzt erstmal so.

Code:
ATTFilter
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104016.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104041.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104051.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104120.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150413150407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150921112956.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AUS S Doppellonge Gehrmann 11.3.2015 Adelheidsdorf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Beurteilung der Pferdes.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\bild.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BUN60427.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnocell.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (5).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Plantagines.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-30-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-51-46.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-0-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-2-7.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05594.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05595.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05596.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05597.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05598.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05601.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_0249.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_3529.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Einhorn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\erster-Galopp-quali-fb.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\facebook-100008889309795.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln  Ende.odt:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln  Ende.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flash188 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Floating-Boots-Hufschuhe.ibooks:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ORHBST27200_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_OZZRZ414366_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Gebrauchsanleitung Magnovital.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\gk417627_rueckmeldung_zum_sose_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\*****0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\*****0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\HUFCHECK_Widerrufsformular_150321.pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015 (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (4).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (5).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (6).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_1134.MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_2567 (1).MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5730.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5732.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5734.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5738.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5741.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5743.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5745.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Jastin (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_1010244042_Nr_2015_003_per_2015_03_03.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_1010244042_Nr_2015_004_per_2015_04_02.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\KV ***** Touran.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\KV ***** Touran.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Lucky.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Löwenzahn 1.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\mewithoutyou.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Michael Putz - über die Reiterhand.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk  eiten (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk  eiten.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Muster-Widerrufsformular.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Normen-8-ProdSV.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\note.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Deckblatt_AGB_Warengruppen_Handwerker.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Hippomed 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste_11_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Produktblatt_Air-One.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung Melanie *****.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_*****_November_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_Nr_3988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\scan0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\schneesturm.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Screenshot_2014-10-27-21-31-30.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\SEPA_B2C_HUFCHECK.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\sonderdeklaration -berufshaftpflicht.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Termine Thies Böttcher 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Theorie Level 1 Teil 01 - Beziehung.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\THHpreis_Gewerbe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trab-fb-quali.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trainingstipps Naturtrailpark Dülmen.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\TTIP_FiRe_REIMON.pdf.gpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp.part:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Viehtransporter-KR-T-1993.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vorschau 2015 Kurzfassung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WP_000073.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE EQ Bodenarbeit Mai 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE Vielseitiges Modell Mai 2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (1).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (2).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (3).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai.xls:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-04-08 01:31 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1	mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mel\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 213.228.128.156 - 213.228.128.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D988C045-0A87-4779-A1BF-282317C2E233}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{9585F46B-3D31-4B97-90A9-CFC656A71F67}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{3516FC24-DA15-4E8F-9746-5BEFBC0EBA56}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{AE152F8A-54A0-4727-920A-A6153AFA8110}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{BB8F3933-74E0-4BA1-AC4B-C88F3AC0AA7E}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{4CE85C3C-DE71-4624-8B9C-73AE30819EEC}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{6D599B07-7BF1-498F-BA5D-CB4D118038E7}] => (Allow) LPort=1900
FirewallRules: [{75DE866E-99CC-42F6-921C-67F52CA2FC24}] => (Allow) LPort=2869
FirewallRules: [{B472E67B-2C1D-440E-A3C3-3534374274F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{58F4F384-A2C7-4F8F-8269-32C48A7E3216}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe
FirewallRules: [{20D8638A-BF78-4E0B-BA09-82A4B1CE075E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{40208536-24F5-4734-A2CE-D01CFCB003E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC83CC7E-707C-4E7C-BDD3-A9056A03C89A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC02E8C5-AB46-4E34-B7BD-59126ACB5196}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41E03FB4-E2BE-49F3-992C-69E18B51C5BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12523BF8-89B1-411B-9CBB-B51C6F415035}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46AEA0D6-0871-47F3-8CB0-316D7B780A5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA32C661-29D2-42E7-9480-9525139E8138}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBF87D0A-6E5E-4C15-80E3-E40332A359C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E0FE525C-867C-4D79-A71D-F27329CB54BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkte konnten nicht aufgelistet werden
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============

Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Der Dienst der Ereignisanzeige konnte nicht gestartet werden, Einträge konnten nicht gelesen werden.

Systemfehler 123 aufgetreten.

Die Syntax f�r den Dateinamen, Verzeichnisnamen oder die Datentr�gerbezeichnung ist falsch.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8061.27 MB
Verfügbarer physikalischer RAM: 5237.43 MB
Summe virtueller Speicher: 9341.27 MB
Verfügbarer virtueller Speicher: 5812.27 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:672.21 GB) (Free:565.74 GB) NTFS
Drive e: (Volume) (Fixed) (Total:244.14 GB) (Free:172.93 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:13.58 GB) (Free:0.25 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2B6ADCD7)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
__________________


Alt 27.04.2016, 09:50   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cisB59C.exe <==== ACHTUNG
BHO: Kein Name -> {ea896dda-28ab-40bd-9a59-68fde8d68196} -> Keine Datei
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO: Kein Name -> {F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313} -> Keine Datei
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => Keine Datei
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
HR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
HR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
C:\Program Files\AdTrustMedia
C:\ProgramData\cisB59C.exe
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
__________________

Alt 27.04.2016, 22:10   #19
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Mel (2016-04-27 23:01:53) Run:1
Gestartet von C:\Users\Mel\Desktop\FRST
Geladene Profile: Mel (Verfügbare Profile: Mel)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cisB59C.exe <==== ACHTUNG
BHO: Kein Name -> {ea896dda-28ab-40bd-9a59-68fde8d68196} -> Keine Datei
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO: Kein Name -> {F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313} -> Keine Datei
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => Keine Datei
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
HR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
HR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
C:\Program Files\AdTrustMedia
C:\ProgramData\cisB59C.exe
emptytemp:
         
*****************

C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea896dda-28ab-40bd-9a59-68fde8d68196}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{ea896dda-28ab-40bd-9a59-68fde8d68196} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert erfolgreich entfernt
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Schlüssel nicht gefunden. 
CHR dev: Chrome dev build erkannt! <======= ACHTUNG => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}" => Schlüssel erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Wert erfolgreich entfernt
HR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
HR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: https://epicunitscan.info/00service/update2/crx] <==== ACHTUNG => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ACHTUNG => nicht gefunden
"C:\Program Files\AdTrustMedia" => nicht gefunden.
"C:\ProgramData\cisB59C.exe" => nicht gefunden.
EmptyTemp: => 627.3 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 23:02:09 ====
         

Alt 27.04.2016, 22:22   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.04.2016, 22:36   #21
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Zuerst Addition, das FRST-Log kommt zum Schluss

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Mel (2016-04-27 23:29:35)
Gestartet von C:\Users\Mel\Desktop\FRST
Windows 8.1 (X64) (2014-11-08 13:08:36)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3436712697-1915681797-834199881-500 - Administrator - Disabled)
Gast (S-1-5-21-3436712697-1915681797-834199881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3436712697-1915681797-834199881-1028 - Limited - Enabled)
Mel (S-1-5-21-3436712697-1915681797-834199881-1001 - Administrator - Enabled) => C:\Users\Mel

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: COMODO Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

5KPlayer 2.1 (HKLM-x32\...\5KPlayer_is1) (Version:  - DearMob, Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO Antivirus (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.59.74 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 10.7.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{AB8304F0-383F-4F80-8988-87727C415BF7}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoFiltre 7 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\PhotoFiltre 7) (Version:  - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PrivDog (HKLM\...\{C01D249F-23DA-45B1-A5FF-12ECD647D5C6}) (Version: 3.0.108.0 - PrivDog.com)
PrivDog 2 Legacy Browser Plug-ins (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.16.7446 - Medixant)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Business Cards 4 (HKLM-x32\...\Visual Business Cards 4_is1) (Version:  - Tailwag Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{6D44919D-A87F-4D57-841E-4DA3354D29EE}) (Version: 23.00.1146 - Buhl Data Service GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04BFA561-CB39-4347-9EC9-17ABC78B4C21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-29] (Adobe Systems Incorporated)
Task: {0C0ADFC6-6EC1-44CD-9732-8ADB0A95B6CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-11-08] (Apple Inc.)
Task: {329B52CD-4F6A-4F9A-BF31-72FB7E9EEA8D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-21] (Dell Inc.)
Task: {37746AE9-A856-46FD-A4E0-5633BE2914F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {3CE59B5C-AA0D-41EA-8209-39F2946B3F98} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {41893B4C-D665-45E2-AB0F-B79CE4E07491} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {42B0E4EE-30EE-4E09-B539-86B7E178917D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {516D846E-8AF5-454B-844D-15DD14E0CE03} - System32\Tasks\Opera scheduled Autoupdate 1381657778 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-15] (Opera Software)
Task: {6C341080-73A6-4A35-8535-11859CE13D20} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {76CF64AF-1C51-42F6-B9E7-EB1588BD34F4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {821EC7C5-9F97-4C39-AF4D-AED3FC041537} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-28] (Piriform Ltd)
Task: {90DAEC80-C73D-40E0-8882-80DE0C997078} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {966E332A-D1A1-45A7-83CE-9228FA0C9C10} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {A77BF21E-2652-41D6-8801-92426AA6A96B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {B7EB21BB-9D0A-4175-B8DA-844C33B2E3D5} - System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BB7B344A-DAD0-4407-BB51-8DD17BD50392} - System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BCE38CFF-A98D-4410-918C-D4972A5184B7} - System32\Tasks\avastBCLRestartS-1-5-21-3436712697-1915681797-834199881-1001 => Chrome.exe 
Task: {BF598F5D-B55A-437B-BD23-444AAD22DFDC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {C166FC38-9DF9-4A14-B317-716D101EFC35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {CA53B138-9EA7-45DC-B604-32A39B16E273} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {D2C1060F-54E3-4246-ADE2-1FEE118EAC67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {D7E6D9BA-2DCB-4EAC-9AE9-CCCE99B6FCD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {FED6DA46-EB72-41D6-8CDA-371C59511E3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-29 20:00 - 2012-10-29 20:00 - 00047480 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-07-01 03:16 - 2015-07-01 03:16 - 05023984 _____ () C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-03 00:15 - 2015-10-03 00:15 - 02287616 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\gopro-lib-win-analytics.dll
2016-02-21 03:14 - 2016-02-21 03:14 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8e749780289ceb24f72730345e019061\PSIClient.ni.dll
2013-02-28 13:08 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-28 13:08 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-28 13:08 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-02-28 12:50 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [6
         

Geändert von Kaffee (27.04.2016 um 23:08 Uhr)

Alt 27.04.2016, 22:55   #22
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Code:
ATTFilter
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPCo20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID [64]
         

Alt 27.04.2016, 22:57   #23
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Code:
ATTFilter
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\browserMon.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DellProf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Desktop\12522962_10153973378988397_8495080215363569311_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\03. Niggaz 4 Life (1).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\09, Real Niggaz.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013121.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013122.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013123.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10406489_751444694945707_2351825098231273560_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10599408_603713349730786_8167908917899286016_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11042191_856791301060381_1896024161_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11312624_900364740036370_7501947428853969037_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11334342_900364833369694_638369278_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11420154_940680132638122_1265323655_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\13866161251880.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20070401.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_221640.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_224325.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192401.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192407.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_202536.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150121_090143.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181825.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181834.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181857.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181859.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150513.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150521.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150544.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_173511.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174837.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174850.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174902.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130627.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\32754_1600x1200-wallpaper-cb1322759774.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\4390269_Rechnung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\A Letter from Pat Parelli.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA28561775.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398 (1).PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb. (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb..pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AdwCleaner_5.112.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\AdwCleaner_5.112.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AGB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Anmeldung_draussenzeit_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226101228.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102236.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102355.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102600.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102919.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103007.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103202.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103252.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103328.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103550.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104012.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104016.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104041.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104051.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104120.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150413150407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150921112956.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AUS S Doppellonge Gehrmann 11.3.2015 Adelheidsdorf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Beurteilung der Pferdes.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\bild.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BUN60427.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnocell.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (5).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Plantagines.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-30-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-51-46.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-0-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-2-7.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05594.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05595.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05596.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05597.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05598.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05601.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_0249.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_3529.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Einhorn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\erster-Galopp-quali-fb.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\facebook-100008889309795.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln  Ende.odt:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln  Ende.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flash188 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Floating-Boots-Hufschuhe.ibooks:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ORHBST27200_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_OZZRZ414366_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Gebrauchsanleitung Magnovital.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\gk417627_rueckmeldung_zum_sose_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\******0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\******0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\HUFCHECK_Widerrufsformular_150321.pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015 (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (4).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (5).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (6).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_1134.MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_2567 (1).MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5730.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5732.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5734.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5738.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5741.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5743.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5745.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Jastin (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_1010244042_Nr_2015_003_per_2015_03_03.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_1010244042_Nr_2015_004_per_2015_04_02.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\KV *******Touran.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\KV *******Touran.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Lucky.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Löwenzahn 1.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\mewithoutyou.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Michael Putz - über die Reiterhand.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk  eiten (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk  eiten.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Muster-Widerrufsformular.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Normen-8-ProdSV.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\note.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Deckblatt_AGB_Warengruppen_Handwerker.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Hippomed 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste_11_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Produktblatt_Air-One.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung ********.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_Bambi_November_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_Nr_3988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\scan0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\schneesturm.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Screenshot_2014-10-27-21-31-30.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\SEPA_B2C_HUFCHECK.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\sonderdeklaration -berufshaftpflicht.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Termine Thies Böttcher 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Theorie Level 1 Teil 01 - Beziehung.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\THHpreis_Gewerbe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trab-fb-quali.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trainingstipps Naturtrailpark Dülmen.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\TTIP_FiRe_REIMON.pdf.gpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp.part:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Viehtransporter-KR-T-1993.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vorschau 2015 Kurzfassung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WP_000073.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE EQ Bodenarbeit Mai 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE Vielseitiges Modell Mai 2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (1).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (2).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (3).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai.xls:$CmdZnID [26]
         

Alt 27.04.2016, 23:06   #24
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Code:
ATTFilter
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2016-04-08 01:31 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1	mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mel\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 213.228.128.156 - 213.228.128.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D988C045-0A87-4779-A1BF-282317C2E233}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{9585F46B-3D31-4B97-90A9-CFC656A71F67}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{3516FC24-DA15-4E8F-9746-5BEFBC0EBA56}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{AE152F8A-54A0-4727-920A-A6153AFA8110}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{BB8F3933-74E0-4BA1-AC4B-C88F3AC0AA7E}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{4CE85C3C-DE71-4624-8B9C-73AE30819EEC}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{6D599B07-7BF1-498F-BA5D-CB4D118038E7}] => (Allow) LPort=1900
FirewallRules: [{75DE866E-99CC-42F6-921C-67F52CA2FC24}] => (Allow) LPort=2869
FirewallRules: [{B472E67B-2C1D-440E-A3C3-3534374274F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{58F4F384-A2C7-4F8F-8269-32C48A7E3216}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe
FirewallRules: [{20D8638A-BF78-4E0B-BA09-82A4B1CE075E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{40208536-24F5-4734-A2CE-D01CFCB003E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC83CC7E-707C-4E7C-BDD3-A9056A03C89A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC02E8C5-AB46-4E34-B7BD-59126ACB5196}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41E03FB4-E2BE-49F3-992C-69E18B51C5BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12523BF8-89B1-411B-9CBB-B51C6F415035}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46AEA0D6-0871-47F3-8CB0-316D7B780A5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA32C661-29D2-42E7-9480-9525139E8138}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FBF87D0A-6E5E-4C15-80E3-E40332A359C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E0FE525C-867C-4D79-A71D-F27329CB54BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-04-2016 23:51:44 Geplanter Prüfpunkt
13-04-2016 03:31:04 Windows Update
19-04-2016 21:17:04 Dell Update: eDellRoot Removal
19-04-2016 21:20:03 Dell Update: DSD Cert Removal
22-04-2016 03:24:39 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/27/2016 11:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: uxtheme.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503957
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000322ff
ID des fehlerhaften Prozesses: 0x16d0
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (04/27/2016 11:27:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: uxtheme.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503957
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000322ff
ID des fehlerhaften Prozesses: 0x15a4
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (04/27/2016 11:01:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18194, Zeitstempel: 0x569515fc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006063c
ID des fehlerhaften Prozesses: 0x770
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (04/27/2016 10:56:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18194, Zeitstempel: 0x569515fc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006063c
ID des fehlerhaften Prozesses: 0x3c8
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (04/27/2016 09:36:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203

Error: (04/27/2016 09:36:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203

Error: (04/27/2016 09:36:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/27/2016 03:06:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2343

Error: (04/27/2016 03:06:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2343

Error: (04/27/2016 03:06:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (04/27/2016 11:07:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Dell Digital Delivery Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/27/2016 11:07:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Dell Digital Delivery Service erreicht.

Error: (04/27/2016 11:03:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Privacy Content Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/22/2016 03:14:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/22/2016 03:14:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (04/22/2016 03:14:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Dell Digital Delivery Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/22/2016 03:14:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Dell Digital Delivery Service erreicht.

Error: (04/22/2016 03:10:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Privacy Content Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/22/2016 03:09:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (04/22/2016 03:09:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll


CodeIntegrity:
===================================
  Date: 2016-04-27 23:24:33.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-27 23:14:56.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-27 22:31:07.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-27 03:00:58.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-23 23:31:47.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 03:34:34.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 03:13:55.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 03:07:30.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-18 20:57:57.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-18 20:51:09.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8061.27 MB
Verfügbarer physikalischer RAM: 5628.19 MB
Summe virtueller Speicher: 9341.27 MB
Verfügbarer virtueller Speicher: 5701.97 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:672.21 GB) (Free:566.27 GB) NTFS
Drive e: (Volume) (Fixed) (Total:244.14 GB) (Free:172.72 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:13.58 GB) (Free:0.25 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2B6ADCD7)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Mel (Administrator) auf MELLI (27-04-2016 23:28:38)
Gestartet von C:\Users\Mel\Desktop\FRST
Geladene Profile: Mel (Verfügbare Profile: Mel)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [11229696 2012-09-18] (Dell Inc.)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [5023984 2015-07-01] ()
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-13] (COMODO)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-30] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2015-07-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2016-02-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2016-02-09] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-12-07] (GoPro)
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-28] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2016-02-09] (Apple Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{F4FB4CEC-014F-4D8F-A0FC-3E7B000991F7}: [DhcpNameServer] 213.228.128.156 213.228.128.6

Internet Explorer:
==================
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130892486228506907&GUID=D00FD029-311D-44C6-89EF-5EC74D2BD500
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-3436712697-1915681797-834199881-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3436712697-1915681797-834199881-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online)
FF Extension: ADB Helper - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\adbhelper@mozilla.org [2016-02-13]
FF Extension: Valence - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-24]

Chrome: 
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR Profile: C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (YouTube) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (Google-Suche) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Mail) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Mel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-08]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-11-08] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-08] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-15] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-15] (COMODO)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-10-15] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-04-09] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-04-09] (Dell Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [Datei ist nicht signiert]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-09-11] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-04-08] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-21] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6334464 2012-09-18] (Dell Inc.) [Datei ist nicht signiert]
S2 Privacy Content Firewall; "C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 admnfd; C:\WINDOWS\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6834760 2012-09-13] (Broadcom Corporation)
R1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-03-09] (Windows (R) Win 7 DDK provider)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-12-30] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846104 2016-04-06] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-04-06] (COMODO)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-13] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-03-21] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138560 2016-04-06] (COMODO)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-07-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-27 22:57 - 2016-04-27 23:02 - 00000000 ____D C:\Users\Mel\Desktop\FRST
2016-04-24 19:09 - 2016-04-24 19:09 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-04-22 03:33 - 2016-04-22 03:33 - 00001065 _____ C:\Users\Mel\Desktop\JRT.txt
2016-04-22 03:22 - 2016-04-22 03:23 - 01610352 _____ (Malwarebytes) C:\Users\Mel\Downloads\JRT.exe
2016-04-22 02:57 - 2016-04-22 03:07 - 00000000 ____D C:\AdwCleaner
2016-04-22 02:56 - 2016-04-22 02:57 - 03683904 _____ C:\Users\Mel\Downloads\AdwCleaner_5.112.exe
2016-04-20 21:13 - 2016-04-20 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-20 20:50 - 2016-04-20 22:16 - 00000000 ____D C:\Users\Mel\Desktop\mbar
2016-04-20 20:49 - 2016-04-20 20:50 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe
2016-04-20 04:21 - 2016-04-20 04:21 - 00053994 _____ C:\Users\Mel\Desktop\ScanLog Malwarebytes.txt
2016-04-20 03:20 - 2016-04-27 23:28 - 00000000 ____D C:\FRST
2016-04-20 03:12 - 2016-04-20 20:51 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-20 03:12 - 2016-04-20 03:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-20 03:09 - 2016-04-20 03:09 - 01475080 _____ C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-04-18 02:19 - 2016-04-18 02:19 - 00107206 _____ C:\Users\Mel\Desktop\KfzVersicherung_eVB_1411-0177-3540-59.pdf
2016-04-18 02:11 - 2016-04-18 02:11 - 00236557 _____ C:\Users\Mel\Desktop\Versicherungsbedingungen_ROLAND_Schutzbrief.pdf
2016-04-16 11:24 - 2016-04-16 11:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-04-15 10:29 - 2016-04-15 10:29 - 00200202 _____ C:\Users\Mel\Downloads\BYAFFTD.pdf
2016-04-13 15:15 - 2016-04-22 03:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-13 14:39 - 2016-04-13 03:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 14:39 - 2016-04-13 03:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 03:10 - 2016-04-13 03:10 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-13 03:10 - 2016-04-13 03:10 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-13 03:09 - 2016-04-13 03:09 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-13 03:09 - 2016-04-13 03:09 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-13 03:09 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 03:08 - 2016-04-13 03:08 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 03:08 - 2016-04-13 03:08 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 00:04 - 2016-04-09 00:04 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-08 01:31 - 2016-04-08 01:31 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-04-08 01:31 - 2016-04-08 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-04-08 01:28 - 2016-04-08 01:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-04-04 09:09 - 2016-04-04 09:09 - 00423918 _____ C:\Users\Mel\Downloads\KV Gutwein Touran.pdf
2016-04-03 03:24 - 2016-04-03 03:24 - 02167958 _____ C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-27 23:27 - 2013-06-03 23:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-27 23:22 - 2014-01-27 15:37 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 23:13 - 2013-02-28 13:08 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-27 23:06 - 2015-11-14 23:38 - 01130496 ___SH C:\Users\Mel\Desktop\Thumbs.db
2016-04-27 23:05 - 2015-10-13 20:03 - 00000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job
2016-04-27 23:04 - 2014-01-27 15:37 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-27 23:03 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-27 23:02 - 2015-06-30 00:27 - 00079786 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2016-04-27 23:01 - 2015-10-13 21:22 - 00000000 ____D C:\Users\Mel\AppData\LocalLow\Temp
2016-04-27 22:53 - 2013-08-15 22:22 - 00000000 ____D C:\Users\Mel\AppData\Roaming\MediaMonkey
2016-04-27 22:49 - 2015-05-26 00:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-04-27 02:15 - 2015-10-13 20:03 - 00000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job
2016-04-27 02:03 - 2015-06-30 02:23 - 00000000 ____D C:\Users\Mel\AppData\Local\ClassicShell
2016-04-23 23:55 - 2015-05-27 02:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-22 03:51 - 2013-05-30 17:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-22 03:24 - 2014-01-27 15:38 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 03:17 - 2014-01-27 15:37 - 00004102 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-22 03:17 - 2014-01-27 15:37 - 00003866 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 03:12 - 2014-03-27 02:36 - 00000000 ____D C:\Users\Mel\Desktop\NH
2016-04-22 03:09 - 2015-06-08 03:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-22 03:09 - 2014-11-08 03:32 - 00000000 ____D C:\Users\Mel
2016-04-20 08:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-20 00:14 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-16 11:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-15 22:38 - 2015-10-13 20:03 - 00003648 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-15 22:38 - 2015-10-13 20:03 - 00003552 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-15 01:08 - 2014-09-24 07:43 - 02048530 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-15 01:08 - 2014-09-24 07:43 - 00581024 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-15 00:55 - 2016-03-18 21:37 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk
2016-04-15 00:55 - 2014-06-04 00:50 - 00003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1381657778
2016-04-15 00:55 - 2013-10-13 11:49 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-14 00:16 - 2016-03-27 19:15 - 00000000 ____D C:\Users\Mel\Desktop\THEORIE Unterricht
2016-04-13 16:58 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 14:36 - 2013-08-22 16:44 - 00493336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 03:39 - 2015-04-15 08:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 03:39 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-13 03:39 - 2013-08-08 19:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 03:36 - 2013-06-01 15:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 03:04 - 2016-01-15 00:43 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 03:02 - 2016-03-09 00:12 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 03:02 - 2016-03-09 00:12 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 03:02 - 2016-03-09 00:12 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-11 03:41 - 2014-09-24 08:17 - 02135110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 22:27 - 2015-05-27 02:29 - 00003846 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-09 22:27 - 2013-06-03 23:29 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-08 18:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-08 01:31 - 2015-11-14 23:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-04-08 01:17 - 2013-10-12 20:30 - 00000000 ____D C:\Users\Mel\Desktop\Kram
2016-04-08 01:16 - 2013-10-12 20:31 - 00000000 ____D C:\Users\Mel\Desktop\Verwaltung
2016-04-06 14:19 - 2015-04-01 18:50 - 00846104 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00138560 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00045600 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00032224 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2016-04-06 14:17 - 2015-04-01 18:48 - 00051800 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2016-04-06 14:16 - 2015-04-01 18:48 - 00596232 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2016-04-06 14:16 - 2015-04-01 18:48 - 00461648 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2016-04-06 14:14 - 2015-04-01 18:47 - 00365752 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2016-04-06 14:14 - 2015-04-01 18:46 - 00051896 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2016-04-06 14:12 - 2015-04-01 18:45 - 00296120 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2016-04-06 14:11 - 2015-04-01 18:45 - 00046776 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2016-04-06 01:46 - 2014-01-27 01:05 - 00068258 _____ C:\Users\Mel\Desktop\Notizen.odt
2016-03-31 23:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-12-14 23:30 - 2015-12-14 23:30 - 0001473 _____ () C:\Users\Mel\AppData\Local\recently-used.xbel
2013-06-02 16:13 - 2013-06-02 16:13 - 0000032 _____ () C:\ProgramData\Temp.log
2013-02-28 13:04 - 2013-02-28 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-02-28 12:59 - 2013-02-28 13:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-02-28 13:01 - 2013-02-28 13:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-02-28 12:59 - 2013-02-28 12:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-02-28 13:02 - 2013-02-28 13:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-23 23:36

==================== Ende von FRST.txt ============================
         

Alt 28.04.2016, 09:01   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.05.2016, 00:07   #26
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Wieder tagelang ohne Internet, sorry.
In der Zwischenzeit ist es nochmal passiert, dass Mails verschickt wurden. Das ist kein gutes Zeichen, oder?

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 04.05.2016
Suchlaufzeit: 01:12
Protokolldatei: Scanlog MWB 040516.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.03.07
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Mel

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393296
Abgelaufene Zeit: 25 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [84ff834eb5e4b08629ebb348a9596c94], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 94
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ar, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\bg, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ca, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\cs, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\da, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\de, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\el, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_GB, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_US, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es_419, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\et, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fi, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fil, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fr, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\he, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hi, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hu, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\id, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\it, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ja, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ko, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lt, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lv, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ms, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\nl, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\no, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pl, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_BR, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_PT, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ro, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ru, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sk, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sl, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sr, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sv, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\th, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\tr, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\uk, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\vi, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_CN, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_TW, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_metadata, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172, In Quarantäne, [5f2414bdf6a3a0961c08df9fcb3a4eb2], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima, In Quarantäne, [5f2414bdf6a3a0961c08df9fcb3a4eb2], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 

Dateien: 110
PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\data\{0402791E-7CE6-4256-870D-75DAC1E16880}, In Quarantäne, [295a478af6a3a59199eee46129d954ac], 
PUP.Optional.MultiPlug, C:\ProgramData\Comodo\Cis\Quarantine\data\{3B84F588-8F97-475A-A5F2-5C3167BA5C92}, In Quarantäne, [7211478ab6e3d066c617ab386899da26], 
PUP.Optional.MultiPlug.UNS, C:\ProgramData\Comodo\Cis\Quarantine\data\{6ABE84C2-19AF-49EE-998F-723C8B3357E5}, In Quarantäne, [a7dccb06cbce59dddd34d4ea1de5e41c], 
PUP.Optional.OptimizerPro, C:\ProgramData\Comodo\Cis\Quarantine\data\{8DA61F36-36B9-4597-B525-8470E2DC6DE8}, In Quarantäne, [d9aa5081adec58de1aaa14afd0300af6], 
PUP.Optional.MultiPlug, C:\ProgramData\Comodo\Cis\Quarantine\data\{9F0128BA-57A2-4246-8FE4-3B99E80058ED}, In Quarantäne, [2e55349dd5c463d310984c9c25db9a66], 
PUP.Optional.DownloadGuide, C:\Users\Mel\Downloads\vbcsetup_CB-DL-Manager.exe, In Quarantäne, [d1b248894059c3734801351ccb36fa06], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\manifest.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\icon_128.png, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\icon_16.png, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\main.html, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\main.js, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ar\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\bg\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ca\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\cs\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\da\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\de\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\el\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_GB\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_US\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es_419\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\et\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fi\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fil\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fr\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\he\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hi\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hu\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\id\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\it\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ja\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ko\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lt\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lv\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ms\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\nl\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\no\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pl\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_BR\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_PT\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ro\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ru\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sk\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sl\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sr\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sv\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\th\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\tr\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\uk\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\vi\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_CN\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_TW\messages.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_metadata\verified_contents.json, In Quarantäne, [6b186f628118ed4926feec929c6936ca], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\manifest.json, In Quarantäne, [5f2414bdf6a3a0961c08df9fcb3a4eb2], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\background.html, In Quarantäne, [5f2414bdf6a3a0961c08df9fcb3a4eb2], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\content.js, In Quarantäne, [5f2414bdf6a3a0961c08df9fcb3a4eb2], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 
PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, In Quarantäne, [5e25567be8b149ede83cd6a8ff066a96], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f35638821e876342af7eca2cc6968b1d
# end=init
# utc_time=2016-05-03 11:59:15
# local_time=2016-05-04 01:59:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29361
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f35638821e876342af7eca2cc6968b1d
# end=updated
# utc_time=2016-05-04 12:09:52
# local_time=2016-05-04 02:09:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f35638821e876342af7eca2cc6968b1d
# engine=29361
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-04 02:13:54
# local_time=2016-05-04 04:13:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3087 16777213 100 92 8993 34507972 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 22994175 47461974 0 0
# scanned=311426
# found=28
# cleaned=0
# scan_time=7442
sh=98C530A13883E291B94F25D65C737773D9795D86 ft=1 fh=7016297be34ea8b1 vn="Win64/Adware.PrivDog.A Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDog.exe.vir"
sh=56D57EF944BF162B8BC537AAB5156991B0D9199F ft=1 fh=0c3226c98c556085 vn="Win64/Adware.PrivDog.A Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files\AdTrustMedia\PrivDog\3.0.108.0\BrowserMon\browserMon.sys.vir"
sh=916CEA36C5CA62F8AA4B94D2B9E2D0BE19AC4D7A ft=1 fh=96b596d82b6fa30d vn="Win64/Adware.PrivDog.A Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\PrivDogManager.dll.vir"
sh=9B2FFC5AEB5127EEB6560B10F4F504963BEEB590 ft=1 fh=298825a4b88c5c9b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"
sh=1375A8FFF1D262AD65AB09311A91AA9B96E83049 ft=1 fh=72898e0453db9d6a vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=133D7BEFEA6954DAB300E8457A3E8387A9140BBE ft=1 fh=4876107338c96cf2 vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProSchedule.exe.vir"
sh=E5DB01AF8C7541396D4C619A55B7B664281A5375 ft=1 fh=97edb4dad52fbf6e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir"
sh=BF8CBE69D3B4ACFB9E1415E865BE018D9ACE3E41 ft=1 fh=f49bf18934e07ba7 vn="Variante von Win32/Adware.SpeedingUpMyPC.AG Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProStart.exe.vir"
sh=D8FA5BADBC3BF7A0CE0C33E665E319D7787B8000 ft=1 fh=fbd0a861dc6bed58 vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe.vir"
sh=BC1EF47616D2E476C28291A35DA52DE580C88964 ft=1 fh=850fb2247fe7ff1d vn="Variante von Win32/Adware.PrivDog.A Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Mel\AppData\Local\AdTrustMedia\PrivDog\PrivDogSetup_3.0.97.0.exe.vir"
sh=9F5108F8CC7A2DCE7B198D616C90D9349327F94C ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\content.js.vir"
sh=1500EB97505CA5F895FA5ED32C208F69E9D6D572 ft=1 fh=aad7d001e17b9be0 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{0248E345-871C-49CF-B0B5-6C786417CBC3}"
sh=32AF21D11E450F85661BB8561271582148563934 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{396AB183-0AC8-4748-9139-3FE251261942}"
sh=3D8ABB3840873E9C2579C81A103782B354126936 ft=1 fh=fae694f419ab8f9d vn="Variante von Win32/Adware.SpeedingUpMyPC.X Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{B8819712-5FBA-4153-BC1A-513B6E1211CD}"
sh=1500EB97505CA5F895FA5ED32C208F69E9D6D572 ft=1 fh=aad7d001e17b9be0 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{0248E345-871C-49CF-B0B5-6C786417CBC3}"
sh=32AF21D11E450F85661BB8561271582148563934 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{396AB183-0AC8-4748-9139-3FE251261942}"
sh=3D8ABB3840873E9C2579C81A103782B354126936 ft=1 fh=fae694f419ab8f9d vn="Variante von Win32/Adware.SpeedingUpMyPC.X Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{B8819712-5FBA-4153-BC1A-513B6E1211CD}"
sh=4D7D0917BD8D84B5E7D1EB1EAFE937DA32D1DEE7 ft=1 fh=ae0457b57ea1bfd2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe"
sh=7A7C3EB794BE718DCF4A0174205B63B62321A796 ft=1 fh=c71c00112927adeb vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325 (1).exe"
sh=7A7C3EB794BE718DCF4A0174205B63B62321A796 ft=1 fh=c71c00112927adeb vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe"
sh=34C35F6ED7B67AA6F940AAB7B4EA447F8DAFD210 ft=1 fh=ece0c35d78c32b07 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=51FCFE837822C742AAEFB49DA79C6E9096619884 ft=1 fh=75d09d8d0ffd584a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe"
sh=2B05CD7F51AE8B6695647ABBB4CB60E246D4D9FE ft=1 fh=15569e89c9b879b7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe"
sh=6AA1CABEE7E87873895BD9A41198373A1860D17D ft=0 fh=0000000000000000 vn="Win64/Adware.PrivDog.A Anwendung" ac=I fn="C:\Windows\Installer\1f1f4b0b.msi"
sh=E5C78CA0FF2409C9FDF61DA42E799D0D8C91BFF9 ft=1 fh=af49d5548d55ee71 vn="Variante von Win32/Adware.PrivDog.A Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\AdTrustMedia\PrivDog\PrivDogSetup_3.0.105.0.exe"
sh=2C27B49B90CB808A770A419969A78B32AA4EF1BB ft=1 fh=f1646be5921fcbfd vn="Variante von Win32/Adware.PrivDog.A Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\AdTrustMedia\PrivDog\PrivDogSetup_3.0.108.0.exe"
sh=56D57EF944BF162B8BC537AAB5156991B0D9199F ft=1 fh=0c3226c98c556085 vn="Win64/Adware.PrivDog.A Anwendung" ac=I fn="C:\Windows\System32\drivers\browserMon.sys"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
COMODO Antivirus   
Windows Defender   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	21.0.0.213  
 Adobe Reader XI  
 Mozilla Firefox (45.0.2) 
 Google Chrome (49.0.2623.112) 
 Google Chrome (50.0.2661.94) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 05.05.2016, 14:23   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Zitat:
C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe
C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe
Und du wunderst dich wo die adware herkommt...
Von chip lädst du in Zukunft besser nix mehr. Die verarschen ihre Kunden aus reiner Profitgier. Siehe auch http://www.trojaner-board.de/168364-...mpfehlung.html und CHIP-Installer - was ist das? - Anleitungen

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325 (1).exe
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe
C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe
C:\Windows\Installer\1f1f4b0b.msi
C:\Windows\System32\config\systemprofile\AppData\Local\AdTrustMedia
C:\Windows\System32\drivers\browserMon.sys
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2016, 23:20   #28
Kaffee
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Kriege bei FRST eine Application Error Warnung und jetzt Runtime Error 216.
Habs trotzdem laufen lassen und hoffe das war nicht ganz falsch.

Bin völlig platt, dass CHIP keine sichere Quelle (mehr?) ist, das war mir vor Ewigkeiten mal empfohlen worden und ich habe das als Laie leider nicht weiter hinterfragt. Lesson learned.

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Mel (2016-05-08 00:09:52) Run:2
Gestartet von C:\Users\Mel\Desktop\FRST
Geladene Profile: Mel (Verfügbare Profile: Mel)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325 (1).exe
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe
C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe
C:\Windows\Installer\1f1f4b0b.msi
C:\Windows\System32\config\systemprofile\AppData\Local\AdTrustMedia
C:\Windows\System32\drivers\browserMon.sys
emptytemp:
         
*****************

C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325 (1).exe => erfolgreich verschoben
C:\Users\Mel\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe => erfolgreich verschoben
C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe => erfolgreich verschoben
C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe => erfolgreich verschoben
C:\Windows\Installer\1f1f4b0b.msi => erfolgreich verschoben
C:\Windows\System32\config\systemprofile\AppData\Local\AdTrustMedia => erfolgreich verschoben
C:\Windows\System32\drivers\browserMon.sys => erfolgreich verschoben
EmptyTemp: => 467.4 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 00:10:19 ====
         

Alt 08.05.2016, 14:56   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spam - Mails mit meinem Absender an mein Adressbuch - Standard

Spam - Mails mit meinem Absender an mein Adressbuch



Zitat:
Adobe Flash Player 21.0.0.213
Adobe Reader XI
Mozilla Firefox (45.0.2)
Google Chrome (49.0.2623.112)
Adobe Reader deinstallieren. Verwende PDF-X-Change Viewer als bessere Alternative, oftmals reicht aber auch der interne PDF-Betrachter, der im Firefox integriert ist, völlig aus!

Und was Adobe mit seinem Flash Player veranstaltet, ist irgendwo zwischen Frechheit und Inkompetenz einzustufen. In dem Teil werden ständig neue dicke Sicherheitslücken gefunden => Der Liebling aller Cyber-Kriminellen: Flash | heise Security

Also:

1. Deinstalliere Adobe Flash Player und Adobe Reader
2. Firefox musst aktualisiert werden, Chrome auch

Falls du unbedingt Flash brauchst, dann nimm einen aktuellen Google Chrome Browser parallel zum Firefox. Chrome hat den von Google gewarteten Pepper Flash Player "fest" eingebaut.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Spam - Mails mit meinem Absender an mein Adressbuch
.dll, adobe, avast, bonjour, computer, defender, desktop, dnsapi.dll, explorer, failed, firefox, flash player, google, mozilla, prozesse, realtek, registry, scan, security, services.exe, software, spam, svchost.exe, system, windows, winlogon.exe




Ähnliche Themen: Spam - Mails mit meinem Absender an mein Adressbuch


  1. Spam Mails mit meinem Namen aber fremder Mail Adresse werden an mein Adressbuch gesendet
    Überwachung, Datenschutz und Spam - 06.07.2016 (12)
  2. web.de versendet Spam mit meinem Absender
    Plagegeister aller Art und deren Bekämpfung - 28.12.2015 (13)
  3. Viele Mail Delivery System Mails, auch aus meinem Adressbuch
    Log-Analyse und Auswertung - 10.12.2015 (14)
  4. AOL Mail: Spam-Mails in meinem Namen (andere Mailadresse) an komplettes Adressbuch
    Log-Analyse und Auswertung - 11.04.2015 (19)
  5. Kontakte aus meinem Yahoo Adressbuch erhalten Spam-Emails von meinem Account
    Plagegeister aller Art und deren Bekämpfung - 23.06.2014 (11)
  6. Spam E-Mails mit ständig neuem Absender und Betreff
    Überwachung, Datenschutz und Spam - 07.05.2014 (2)
  7. SPAM MAILS vom gleichen Provider aber unterschiedlichen Absender Adressen - daher keine Möglichkeit Absender zu sperren
    Log-Analyse und Auswertung - 08.08.2013 (3)
  8. GMX versendet Spam-E-Mails unter meinen Namen an Leute aus meinem Adressbuch!
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (11)
  9. Yahoo Fremdzugriff - Spam Mails an Adressbuch verschickt - PC infiziert?
    Log-Analyse und Auswertung - 19.03.2013 (5)
  10. unbekannter Versand von E-Mails aus meinem Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (45)
  11. seltsame Mails mit meinem gmx Absender werden versendet
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  12. Spam mails an Kontakte im Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (2)
  13. Yahoo-Mail-Account versendet Spam-Mails an Kontakte aus meinem Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (3)
  14. Hilfe,mein Email-Account versendet in regelmäßigen Abständen SPAM-Mails an die Kontakt im Adressbuch
    Log-Analyse und Auswertung - 03.02.2012 (7)
  15. Outlook 2007 versendet Spam E-Mails an Adressbuch (Windows 7 64 Bit SP1)
    Log-Analyse und Auswertung - 05.01.2012 (20)
  16. Eigene Web.de-Email verschickt SPAM-Mails an gesamtes Adressbuch // MAC
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (1)
  17. Mein Hotmail Konto verschickt automatisch Spam-Mails an mein Adressbuch =/
    Plagegeister aller Art und deren Bekämpfung - 16.02.2011 (7)

Zum Thema Spam - Mails mit meinem Absender an mein Adressbuch - Code: Alles auswählen Aufklappen ATTFilter AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID [64] AlternateDataStreams: - Spam - Mails mit meinem Absender an mein Adressbuch...
Archiv
Du betrachtest: Spam - Mails mit meinem Absender an mein Adressbuch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.