Log analysis and evaluation: Win8.1: Suspected Trojan, Comodo virtualizes after opening a suspicious Amazon ZIP
27.05.2016, 19:47 | #16 |
And now Addition.txt, fourth and last part:
Code:
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

10-05-2016 13:56:06 Windows Update
13-05-2016 20:11:18 Windows Update
14-05-2016 20:25:51 Windows Modules Installer
14-05-2016 20:26:06 Windows Modules Installer
19-05-2016 20:16:48 Windows Update
25-05-2016 19:59:36 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2016 10:13:58 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 3

Error: (05/27/2016 10:13:58 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 3

Error: (05/26/2016 11:46:47 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 2

Error: (05/26/2016 11:46:47 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 2

Error: (05/25/2016 07:44:19 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 6

Error: (05/25/2016 07:44:19 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 6

Error: (05/25/2016 09:08:51 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 5

Error: (05/25/2016 09:08:51 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 5

Error: (05/24/2016 10:34:12 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 4

Error: (05/24/2016 10:34:12 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 4

Systemfehler:
=============
Error: (05/25/2016 07:54:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/25/2016 07:54:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen.
Fehler: %%1056 Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Quick Access RadioMgr Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2016 07:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Touch Tools Launch Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
CodeIntegrity: =================================== Date: 2016-05-27 13:50:37.909 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-27 13:39:22.062 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-27 12:00:57.754 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-27 11:08:29.967 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-27 10:36:34.920 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-27 10:18:48.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-26 11:54:42.483 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 19:59:07.413 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-25 19:48:42.695 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 13:42:32.357 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-4012Y CPU @ 1.50GHz Prozentuale Nutzung des RAM: 50% Installierter physikalischer RAM: 4003.27 MB Verfügbarer physikalischer RAM: 2000.67 MB Summe virtueller Speicher: 4707.27 MB Verfügbarer virtueller Speicher: 1950.93 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:110.02 GB) (Free:9.76 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: E2B8D7DB) Partition: GPT. ==================== Ende von Addition.txt ============================ |
27.05.2016, 21:22 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FRST-Fix
Please disable your virus scanner completely now, to make sure that the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
S0 hzgqpf; kein ImagePath
S0 kebzlm; kein ImagePath
S0 sjzgxw; kein ImagePath
emptytemp:
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
27.05.2016, 21:56 | #18 |
| Everything carried out, here is the Fixlog.txt:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von St (2016-05-27 22:43:56) Run:1
Gestartet von C:\Users\St\Desktop\Micha\1. FRST
Geladene Profile: St (Verfügbare Profile: St)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
S0 hzgqpf; kein ImagePath
S0 kebzlm; kein ImagePath
S0 sjzgxw; kein ImagePath
emptytemp:
*****************
hzgqpf => Dienst erfolgreich entfernt
kebzlm => Dienst erfolgreich entfernt
sjzgxw => Dienst erfolgreich entfernt
EmptyTemp: => 2.2 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 22:47:36 ==== |
27.05.2016, 22:03 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with (1) MBAM, (2) ESET and (3) SecurityCheck please:
Step 1: MBAM
Please download Malwarebytes Anti-Malware
Step 2: ESET
ESET Online Scanner
Step 3: SecurityCheck
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
29.05.2016, 21:33 | #20 |
| Here is the MBAM log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 29.05.2016
Suchlaufzeit: 10:56
Protokolldatei: mbam2.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.05.29.03
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: St
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 289185
Abgelaufene Zeit: 17 Min., 37 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Dateien: 0
(keine bösartigen Elemente erkannt)
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=de40f4b7d9bcd645b859e8be14a89975
# end=init
# utc_time=2016-05-29 10:46:02
# local_time=2016-05-29 12:46:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29623
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=de40f4b7d9bcd645b859e8be14a89975
# end=updated
# utc_time=2016-05-29 10:49:05
# local_time=2016-05-29 12:49:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=de40f4b7d9bcd645b859e8be14a89975
# engine=29623
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-29 06:55:17
# local_time=2016-05-29 08:55:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3085 16777213 87 92 955702 53429117 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 24448301 46232899 0 0
# scanned=237132
# found=4
# cleaned=0
# scan_time=29171
sh=5B5EA2F5CEC496F99D245A68C884C09F5849E037 ft=1 fh=038fab3ea954bf64 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\St\AppData\Local\Temp\DMR\dmr_72.exe"
sh=3B010E7F65A0673E3651412F634AAC771598E621 ft=1 fh=75a70be8d9877695 vn="Variante von Win32/Kryptik.EYKV Trojaner" ac=I fn="C:\VTRoot\HarddiskVolume3\ProgramData\chroma-49\chroma-52.exe"
sh=01752A2770AEE4B1399F2E543F09FD263D6B4DB2 ft=1 fh=8f719a6c0c158fd1 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\VTRoot\HarddiskVolume3\ProgramData\mosfet-58\mosfet-07.exe"
sh=72FE1BA92F98C62E895467ED6F50FDE7BC90B6C1 ft=1 fh=3a7fba1255bceee9 vn="Variante von Win32/Kryptik.EYKV Trojaner" ac=I fn="C:\VTRoot\HarddiskVolume3\Users\St\AppData\Roaming\versabus-43\versabus-14.exe"
Code:
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 21.0.0.242
Mozilla Firefox (46.0.1)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
29.05.2016, 21:44 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FRST-Fix
Please disable your virus scanner completely now, to make sure that the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Users\St\AppData\Local\Temp\DMR\dmr_72.exe
C:\VTRoot\HarddiskVolume3\ProgramData\chroma-49\chroma-52.exe
C:\VTRoot\HarddiskVolume3\ProgramData\mosfet-58\mosfet-07.exe
C:\VTRoot\HarddiskVolume3\Users\St\AppData\Roaming\versabus-43\versabus-14.exe
cmd: dir /oge-d %APPDATA%
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d %PROGRAMDATA%
emptytemp:
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
29.05.2016, 22:42 | #22 |
| Here is the FRST Fixlog:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
durchgeführt von St (2016-05-29 23:37:29) Run:3
Gestartet von C:\8. FRST
Geladene Profile: St (Verfügbare Profile: St)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Users\St\AppData\Local\Temp\DMR\dmr_72.exe
C:\VTRoot\HarddiskVolume3\ProgramData\chroma-49\chroma-52.exe
C:\VTRoot\HarddiskVolume3\ProgramData\mosfet-58\mosfet-07.exe
C:\VTRoot\HarddiskVolume3\Users\St\AppData\Roaming\versabus-43\versabus-14.exe
cmd: dir /oge-d %APPDATA%
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d %PROGRAMDATA%
emptytemp:
*****************
"C:\Users\St\AppData\Local\Temp\DMR\dmr_72.exe" => nicht gefunden.
"C:\VTRoot\HarddiskVolume3\ProgramData\chroma-49\chroma-52.exe" => nicht gefunden.
"C:\VTRoot\HarddiskVolume3\ProgramData\mosfet-58\mosfet-07.exe" => nicht gefunden.
"C:\VTRoot\HarddiskVolume3\Users\St\AppData\Roaming\versabus-43\versabus-14.exe" => nicht gefunden.
========= dir /oge-d %APPDATA% =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\Users\St\AppData\Roaming
25.05.2016 20:00 <DIR> ..
25.05.2016 20:00 <DIR> .
19.05.2016 20:21 <DIR> Comodo
18.05.2016 19:16 <DIR> versabus-43
18.05.2016 10:31 <DIR> KeePass
18.05.2016 10:17 <DIR> xmitter-61
26.04.2016 22:28 <DIR> MyPhoneExplorer
15.03.2016 13:30 <DIR> Spotify
27.01.2016 10:43 <DIR> CareCenter
29.08.2015 11:47 <DIR> ApkInstaller
29.08.2015 11:43 <DIR> AdbDriverInstaller
16.08.2015 18:08 <DIR> Apple Computer
09.07.2015 07:26 <DIR> Adobe
29.04.2015 08:13 <DIR> YCanPDF
31.03.2015 17:14 <DIR> PDF Architect 2
31.03.2015 17:13 <DIR> elsterformular
17.02.2015 13:03 <DIR> Identities
10.02.2015 23:49 <DIR> Mozilla
10.02.2015 22:22 <DIR> Macromedia
27.12.2014 06:01 <DIR> Atheros
0 Datei(en), 0 Bytes
20 Verzeichnis(se), 12.257.378.304 Bytes frei
========= Ende von CMD: =========
========= dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\Users\St\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19.04.2016 20:36 <DIR> ..
19.04.2016 20:36 <DIR> .
18.05.2016 19:16 962 versabus-7.lnk
1 Datei(en), 962 Bytes
2 Verzeichnis(se), 12.257.378.304 Bytes frei
========= Ende von CMD: =========
========= dir /oge-d %PROGRAMDATA% =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\ProgramData
29.05.2016 10:54 <DIR> Malwarebytes
24.05.2016 20:41 <DIR> Malwarebytes' Anti-Malware (portable)
18.05.2016 19:14 <DIR> chroma-49
18.05.2016 11:41 <DIR> mosfet-58
18.05.2016 10:36 <DIR> rb
14.05.2016 20:28 <DIR> Microsoft Help
07.04.2016 10:37 <DIR> Apple
22.02.2016 09:49 <DIR> elsterformular
20.12.2015 11:15 <DIR> Acer
13.12.2015 09:37 <DIR> Synaptics
12.08.2015 14:17 <DIR> Apple Computer
08.07.2015 12:13 <DIR> Adobe
08.04.2015 18:07 <DIR> OEM
31.03.2015 09:12 <DIR> Package Cache
04.03.2015 22:00 <DIR> PDF Architect 2
10.02.2015 23:47 <DIR> Mozilla
10.02.2015 23:25 <DIR> Comodo
10.02.2015 23:25 <DIR> Shared Space
10.02.2015 23:19 <DIR> McAfee
27.12.2014 06:01 <DIR> OEM_YAHOO
27.12.2014 05:21 <DIR> Atheros
27.12.2014 05:11 <DIR> {69533018-33A8-4C46-869A-11AA2CDF4EDC}
27.12.2014 05:11 <DIR> Qualcomm Atheros
01.09.2014 11:37 <DIR> Intel
24.04.2015 20:09 <DIR> regid.1991-06.com.microsoft
0 Datei(en), 0 Bytes
25 Verzeichnis(se), 12.257.370.112 Bytes frei
========= Ende von CMD: =========
EmptyTemp: => 4.7 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 23:37:34 ==== |
30.05.2016, 18:35 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FRST-Fix
Please disable your virus scanner completely now, to make sure that the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\ProgramData\chroma-49
C:\ProgramData\mosfet-58
C:\Users\St\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\versabus-7.lnk
C:\Users\St\AppData\Roaming\versabus-43
C:\Users\St\AppData\Roaming\xmitter-61
cmd: dir /oge-d %APPDATA%
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d %PROGRAMDATA%
emptytemp:
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
30.05.2016, 19:52 | #24 |
| Here is the next FRST run:
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
durchgeführt von St (2016-05-30 20:49:09) Run:4
Gestartet von C:\9. FRST
Geladene Profile: St (Verfügbare Profile: St)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\ProgramData\chroma-49
C:\ProgramData\mosfet-58
C:\Users\St\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\versabus-7.lnk
C:\Users\St\AppData\Roaming\versabus-43
C:\Users\St\AppData\Roaming\xmitter-61
cmd: dir /oge-d %APPDATA%
cmd: dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
cmd: dir /oge-d %PROGRAMDATA%
emptytemp:
*****************
C:\ProgramData\chroma-49 => erfolgreich verschoben
C:\ProgramData\mosfet-58 => erfolgreich verschoben
C:\Users\St\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\versabus-7.lnk => erfolgreich verschoben
C:\Users\St\AppData\Roaming\versabus-43 => erfolgreich verschoben
C:\Users\St\AppData\Roaming\xmitter-61 => erfolgreich verschoben
========= dir /oge-d %APPDATA% =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\Users\St\AppData\Roaming
25.05.2016 20:00 <DIR> ..
25.05.2016 20:00 <DIR> .
19.05.2016 20:21 <DIR> Comodo
18.05.2016 10:31 <DIR> KeePass
26.04.2016 22:28 <DIR> MyPhoneExplorer
15.03.2016 13:30 <DIR> Spotify
27.01.2016 10:43 <DIR> CareCenter
29.08.2015 11:47 <DIR> ApkInstaller
29.08.2015 11:43 <DIR> AdbDriverInstaller
16.08.2015 18:08 <DIR> Apple Computer
09.07.2015 07:26 <DIR> Adobe
29.04.2015 08:13 <DIR> YCanPDF
31.03.2015 17:14 <DIR> PDF Architect 2
31.03.2015 17:13 <DIR> elsterformular
17.02.2015 13:03 <DIR> Identities
10.02.2015 23:49 <DIR> Mozilla
10.02.2015 22:22 <DIR> Macromedia
27.12.2014 06:01 <DIR> Atheros
0 Datei(en), 0 Bytes
18 Verzeichnis(se), 12.195.831.808 Bytes frei
========= Ende von CMD: =========
========= dir /oge-d "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\Users\St\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
19.04.2016 20:36 <DIR> ..
19.04.2016 20:36 <DIR> .
0 Datei(en), 0 Bytes
2 Verzeichnis(se), 12.195.835.904 Bytes frei
========= Ende von CMD: =========
========= dir /oge-d %PROGRAMDATA% =========
Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 06F2-D249
Verzeichnis von C:\ProgramData
29.05.2016 10:54 <DIR> Malwarebytes
24.05.2016 20:41 <DIR> Malwarebytes' Anti-Malware (portable)
18.05.2016 10:36 <DIR> rb
14.05.2016 20:28 <DIR> Microsoft Help
07.04.2016 10:37 <DIR> Apple
22.02.2016 09:49 <DIR> elsterformular
20.12.2015 11:15 <DIR> Acer
13.12.2015 09:37 <DIR> Synaptics
12.08.2015 14:17 <DIR> Apple Computer
08.07.2015 12:13 <DIR> Adobe
08.04.2015 18:07 <DIR> OEM
31.03.2015 09:12 <DIR> Package Cache
04.03.2015 22:00 <DIR> PDF Architect 2
10.02.2015 23:47 <DIR> Mozilla
10.02.2015 23:25 <DIR> Comodo
10.02.2015 23:25 <DIR> Shared Space
10.02.2015 23:19 <DIR> McAfee
27.12.2014 06:01 <DIR> OEM_YAHOO
27.12.2014 05:21 <DIR> Atheros
27.12.2014 05:11 <DIR> {69533018-33A8-4C46-869A-11AA2CDF4EDC}
27.12.2014 05:11 <DIR> Qualcomm Atheros
01.09.2014 11:37 <DIR> Intel
24.04.2015 20:09 <DIR> regid.1991-06.com.microsoft
0 Datei(en), 0 Bytes
23 Verzeichnis(se), 12.195.893.248 Bytes frei
========= Ende von CMD: =========
EmptyTemp: => 2.3 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 20:49:14 ==== |
30.05.2016, 20:26 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then show fresh FRST logs once more. Tick the box for addition.txt, then click Untersuchen (Scan)
__________________ |
01.06.2016, 20:35 | #26 |
| So, here is the FRST.log: FRST Logfile:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016 durchgeführt von St (Administrator) auf STEFFI (01-06-2016 21:22:13) Gestartet von C:\Users\St\Desktop\Micha\10. FRST Geladene Profile: St (Verfügbare Profile: St) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program 
Files\Acer\Acer Launch Manager\LMLockHandler.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Hover Access\HoverAccess.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\SunlightReading.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (acer) C:\Program Files\Acer\User Experience 
Improvement Program\Framework\UBTService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-12-27] (Realtek Semiconductor) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-12-27] (Intel Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2756672 2016-04-21] (Dominik Reichl) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [213536 2016-02-03] (Geek Software GmbH) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-27] (Atheros Communications) HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-12-27] (Spotify Ltd) HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\MountPoints2: {d0c1fdd8-ca5f-11e5-827f-9194abe72977} - "D:\LG_PC_Programs.exe" ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files 
(x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{5A9F095C-4334-4120-9975-797CDF3ECC0C}: [DhcpNameServer] 192.168.184.1 Tcpip\..\Interfaces\{BEC4EA46-F149-4E9D-B646-8CB98FC635FD}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3148902193-1453853946-4009423498-1001 -> DefaultScope {CA3D82E3-65D7-4766-A28A-DEA78C9EBAE5} URL = BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-27] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-27] (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: FireGestures - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\extensions\firegestures@xuldev.org.xpi [2016-05-18] FF Extension: Video DownloadHelper - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23] FF Extension: Adblock Plus - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-04] [ist nicht signiert] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-12-27] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-05-10] (Acer Incorporated) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817200 2016-05-01] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-05-01] (COMODO) R2 DptfParticipantDisplayService; C:\Windows\system32\DptfParticipantDisplayService.exe [141944 2014-12-27] (Intel Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-12-27] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-12-27] (Intel Corporation) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-12-27] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-27] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2014-12-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2014-12-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-12-27] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2015-07-08] (Acer Incorporate) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2015-03-04] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2015-03-04] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 
2015-03-04] (pdfforge GmbH) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-12-27] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-12-27] (Acer Incorporate) R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-12-27] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-24] (acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2016-02-04] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-02-04] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-02-04] (LG Electronics Inc.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-12-27] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-27] (Qualcomm Atheros) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-27] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851856 2016-04-27] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45592 2016-04-27] (COMODO) R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [70752 2014-12-27] (Intel Corporation) S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-12-27] (Intel Corporation) S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-12-27] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-12-27] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2014-12-27] (Intel Corporation) S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-12-27] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2014-12-27] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2014-12-27] (Intel Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S0 hzgqpf; kein ImagePath R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation) S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-10-03] (Intel Corporation) S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [128504 2013-10-03] (Intel Corporation) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-04-27] (COMODO) S0 kebzlm; kein ImagePath R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2015-07-08] (Acer Incorporated) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-12-27] (Intel Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys 
[14680 2015-07-08] (Acer Incorporated) R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-22] (Microsoft Corporation) S0 sjzgxw; kein ImagePath S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-08-12] (Apple, Inc.) [Datei ist nicht signiert] S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-31 08:58 - 2016-05-31 08:58 - 00483385 _____ C:\Users\St\Desktop\Bescheinigung Beschäftigungen Steffi Pietschmann.pdf 2016-05-29 12:45 - 2016-05-29 12:45 - 00000000 ____D C:\Program Files (x86)\ESET 2016-05-29 10:54 - 2016-05-29 10:54 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2016-05-29 10:54 - 2016-05-29 10:54 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys 2016-05-29 10:54 - 2016-05-29 10:54 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-05-29 10:54 - 2016-05-29 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-05-29 10:54 - 2016-05-29 10:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-05-28 11:31 - 2016-05-28 11:31 - 01489999 _____ C:\Users\St\Downloads\Potsdam_U_Antrag_Syakk_15.07.10.pdf 2016-05-28 11:29 - 2016-05-28 11:29 - 27629457 _____ C:\Users\St\Downloads\Bamberg_U_SD_Systemakkr.zip 2016-05-28 11:29 - 2016-05-28 
11:29 - 05475806 _____ C:\Users\St\Downloads\TUD_Selbstdokumentation_Gesamt_12-03-2014.pdf 2016-05-25 19:48 - 2016-05-25 19:53 - 00000000 ____D C:\AdwCleaner 2016-05-24 20:23 - 2016-05-29 10:56 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-24 20:23 - 2016-05-29 10:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-24 20:23 - 2016-05-24 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-05-24 20:22 - 2016-05-29 10:54 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys 2016-05-22 20:29 - 2016-06-01 21:22 - 00000000 ____D C:\FRST 2016-05-22 20:21 - 2016-05-22 20:21 - 00000017 _____ C:\Users\St\AppData\Local\resmon.resmoncfg 2016-05-18 19:47 - 2016-05-18 19:47 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\dsparse.dll 2016-05-18 19:47 - 2016-05-18 19:47 - 00024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dsparse.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03820544 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03273728 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 02466136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2016-05-18 19:46 - 2016-05-18 19:46 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\webio.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00413696 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00332632 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2016-05-18 19:46 - 2016-05-18 19:46 - 00192512 _____ 
(Microsoft Corporation) C:\windows\system32\shacct.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00160160 _____ (Microsoft Corporation) C:\windows\system32\IPHLPAPI.DLL 2016-05-18 19:46 - 2016-05-18 19:46 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00121912 _____ (Microsoft Corporation) C:\windows\SysWOW64\IPHLPAPI.DLL 2016-05-18 19:26 - 2016-05-19 20:21 - 00000000 ____D C:\Users\St\AppData\Roaming\Comodo 2016-05-15 22:37 - 2016-05-29 21:42 - 00300452 _____ C:\Users\St\Desktop\ausgefüllt Vorsorgeset.pdf 2016-05-15 21:24 - 2016-05-15 21:24 - 00297725 _____ C:\Users\St\Desktop\formulare-vorsorgeset.pdf 2016-05-15 13:54 - 2016-05-15 13:54 - 13169768 _____ C:\Users\St\Desktop\Schokolade.pdf 2016-05-12 19:43 - 2016-05-12 19:43 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00561960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-05-12 
19:43 - 2016-05-12 19:43 - 00137976 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00120384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 20349952 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 13811200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 06052864 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02893312 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02285568 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-05-12 19:42 - 2016-05-12 19:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-05-12 19:42 - 2016-05-12 19:42 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00817664 
_____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-05-12 19:42 - 2016-05-12 19:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 07446368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-05-12 19:41 - 2016-05-12 19:41 - 01763376 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01489088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01097728 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\gdi32.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00738096 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00613624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00534016 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.dll 2016-05-12 19:40 - 2016-05-12 19:40 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-05-12 19:40 - 2016-05-12 19:40 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2016-05-12 19:40 - 2016-05-12 19:40 - 00074584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys 2016-05-10 13:31 - 2016-05-10 13:31 - 00003334 _____ C:\windows\System32\Tasks\AcerCloud 2016-05-05 12:53 - 2016-05-16 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-06-01 21:21 - 2016-03-20 21:54 - 00000000 ____D C:\Users\St\Desktop\Micha 2016-06-01 21:21 - 2015-04-29 08:11 - 00445048 _____ C:\windows\system32\Drivers\fvstore.dat 2016-06-01 21:20 - 2016-02-15 11:42 - 02129096 _____ C:\windows\system32\PerfStringBackup.INI 2016-06-01 21:20 - 2014-12-27 13:35 - 01032654 _____ C:\windows\system32\perfh007.dat 2016-06-01 21:20 - 2014-12-27 13:35 - 00247986 _____ C:\windows\system32\perfc007.dat 2016-06-01 21:20 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf 2016-06-01 13:55 - 2015-02-10 23:25 - 01474832 _____ C:\windows\system32\Drivers\sfi.dat 2016-06-01 09:32 - 2015-03-05 12:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-06-01 08:59 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-05-29 11:21 - 2014-12-27 06:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3148902193-1453853946-4009423498-1001 2016-05-27 22:48 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-05-27 22:48 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\system32\GWX 2016-05-27 22:48 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI 2016-05-27 22:39 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp 2016-05-27 11:09 - 2015-07-07 21:34 - 00009910 _____ C:\Users\St\Desktop\Rechnung an Micha.xlsx 2016-05-24 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache 2016-05-24 20:50 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-24 20:50 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness 2016-05-23 21:29 - 2015-11-25 21:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-19 20:26 - 2015-08-20 21:43 - 00000000 ____D C:\windows\system32\appraiser 2016-05-19 20:25 - 2015-02-20 22:44 - 00000000 ____D C:\windows\system32\MRT 2016-05-19 20:18 - 2015-02-20 22:44 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-05-18 10:31 - 2015-03-04 16:50 
- 00012718 _____ C:\Users\St\Documents\SP.kdbx 2016-05-18 10:31 - 2015-02-10 23:46 - 00000000 ____D C:\Users\St\AppData\Roaming\KeePass 2016-05-17 21:27 - 2014-09-01 11:38 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2016-05-16 13:50 - 2015-02-10 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-16 13:50 - 2013-08-22 16:44 - 00370592 _____ C:\windows\system32\FNTCACHE.DAT 2016-05-15 13:49 - 2015-03-05 11:51 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-15 13:32 - 2015-03-05 12:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-05-14 20:26 - 2014-03-18 11:45 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-11 22:08 - 2014-09-01 11:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-05-11 22:08 - 2014-09-01 11:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-10 13:31 - 2015-07-20 08:21 - 00003442 _____ C:\windows\System32\Tasks\BacKGroundAgent 2016-05-10 13:31 - 2014-09-01 11:49 - 00000000 ___HD C:\OEM 2016-05-10 13:31 - 2014-09-01 11:38 - 00000000 ____D C:\Program Files (x86)\Acer 2016-05-10 13:30 - 2014-12-27 06:01 - 00000000 ____D C:\Users\St\AppData\Local\clear.fi 2016-05-03 11:28 - 2015-03-05 12:39 - 00000000 ____D C:\Users\St\Documents\[6] Weiterbildung 2016-05-02 10:09 - 2015-02-10 22:22 - 00000000 ____D C:\Users\St\AppData\Local\CrashDumps ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-05-22 20:21 - 2016-05-22 20:21 - 0000017 _____ () C:\Users\St\AppData\Local\resmon.resmoncfg 2014-12-27 05:19 - 2014-12-27 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\St\AppData\Local\Temp\AcerDocsSetup.exe C:\Users\St\AppData\Local\Temp\libeay32.dll C:\Users\St\AppData\Local\Temp\msvcr120.dll C:\Users\St\AppData\Local\Temp\sqlite3.dll ==================== 
Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\windows\system32\winlogon.exe => Datei ist digital signiert C:\windows\system32\wininit.exe => Datei ist digital signiert C:\windows\explorer.exe => Datei ist digital signiert C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\windows\system32\svchost.exe => Datei ist digital signiert C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\windows\system32\services.exe => Datei ist digital signiert C:\windows\system32\User32.dll => Datei ist digital signiert C:\windows\SysWOW64\User32.dll => Datei ist digital signiert C:\windows\system32\userinit.exe => Datei ist digital signiert C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\windows\system32\rpcss.dll => Datei ist digital signiert C:\windows\system32\dnsapi.dll => Datei ist digital signiert C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-05-19 20:16 ==================== Ende von FRST.txt ============================ |
01.06.2016, 20:36 | #27 |
| Win8.1: Suspected Trojan, Comodo virtualizes after opening a suspicious Amazon ZIP Followed by Addition part 1: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016 durchgeführt von St (2016-06-01 21:23:22) Gestartet von C:\Users\St\Desktop\Micha\10. FRST Windows 8.1 (Update) (X64) (2014-12-27 04:01:10) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3148902193-1453853946-4009423498-500 - Administrator - Disabled) Gast (S-1-5-21-3148902193-1453853946-4009423498-501 - Limited - Disabled) St (S-1-5-21-3148902193-1453853946-4009423498-1001 - Administrator - Enabled) => C:\Users\St ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer Hover Access (HKLM-x32\...\{02488282-6E9D-42B0-877E-2AA34580E578}) (Version: 1.00.3001 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated) Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3006 - Acer Incorporated) Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated) COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2106 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) KeePass Password Safe 2.32 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) 
(Version: - Microsoft)
Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOK) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF To Excel Converter V2.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com)
PDF24 Creator 7.6.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39061 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7300 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {139F8F47-642D-4FD7-B260-F2BD3694D336} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2015-07-08] (Acer Incorporate)
Task: {18F49891-51AC-45F8-965A-10A9405EBEB4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {217F18D3-0AA1-44B2-9FB8-66884FEF393D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-05-10] (Acer)
Task: {2AEA86DB-B495-49FC-A848-77566CA3090F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {425394FB-DDFA-4C69-BE86-5039148C5292} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO)
Task: {4CF5C90D-2F80-4C9F-BB2E-5FF9D99C4848} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-05-10] (Acer Incorporated)
Task: {54232B1F-8C62-46F0-AD6C-1EC7C8828921} - System32\Tasks\Acer Hover Access Trigger => HoverAccessLauncher.exe
Task: {555BE116-E575-4603-8EFD-55FF581F68E8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {56700778-4744-4D55-94D8-C642A6867ADA} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2014-12-27] (Acer Incorporated)
Task: {59924F37-A6DD-461A-B6AA-B83A2AF04817} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {5CC1DB33-42D2-4DA0-A3B5-5FDEAD18FC41} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated)
Task: {62493BBE-11A6-4EFF-B1BB-623E8DE355A2} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {64B5F89B-0EAD-40A1-AFAC-C6393AE2C7EC} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated)
Task: {69A51C98-D77B-4D1C-B7F8-F0920560FFF4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO)
Task: {6FC50853-D25A-4926-9AA3-03B5B77E1A5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {71AD4C2D-9A2B-4EF2-AC49-FB154CA224B5} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2014-12-27] (Acer Incorporated)
Task: {97BBCD57-80D4-4006-BB3A-B40EFE96C168} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-12-27] (Acer Incorporated)
Task: {A1C3E35A-D40C-4D8F-BE2E-F58D11CF86FD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-05-10] (Acer Incorporated)
Task: {AD726C7B-3AAD-4F3D-95C3-F85E7DDF05AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {BC9BD4BB-3730-48CB-98C1-BE1D6C857839} - System32\Tasks\{ECC4F8AC-52F4-48F4-BDDF-CCE0B8E7F31C} => pcalua.exe -a "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall
Task: {BCB1CC46-B0C6-4B44-9BEC-43389533A003} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate)
Task: {C1F8A30D-5711-4AF6-A718-ECD894423397} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-12-20] ()
Task: {E55C5107-1972-4CF7-B590-D592B493A149} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {FB1A578B-7A7C-4B3D-AC5A-33E079E11954} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate)
Task: {FF9189C7-74DC-4222-8C51-552ECD86F848} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-05-10] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-03 21:34 - 2016-02-03 21:34 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2006-12-04 01:26 - 2016-04-30 18:43 - 00022016 _____ () C:\windows\System32\sugs2l6.dll
2016-02-03 21:34 - 2016-02-03 21:34 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-04-29 03:38 - 2014-12-27 14:58 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 03:35 - 2014-12-27 14:58 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 03:42 - 2014-12-27 14:58 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-01-20 11:50 - 2016-05-10 20:21 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2013-04-15 18:39 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-12-27 05:16 - 2014-12-27 14:58 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-10 13:31 - 2016-05-10 13:31 - 00015064 _____ () C:\windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
[64] AlternateDataStreams: C:\windows\system32\dhcpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagtrack.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dialer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskpart.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DisplaySwitch.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dllhost.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DMRServer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnshc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dot3Conn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3mm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DsmUserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsparse.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsquery.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxpps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dxpserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxva2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Eap3Host.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapp3hst.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easconsent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.proxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efslsaext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorShell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energyprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energytask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\es.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EventAggregation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\expand.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdBth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FdDevQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fde.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdprint.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\fdProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\FDResPub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdSSDP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWNet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\feclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhautoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhengine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhevents.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhlisten.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhmanagew.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhshl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvcctl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhtask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\find.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\finger.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Firewall.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FirewallAPI.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Fondue.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\format.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsavailux.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsquirt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fthsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecerts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecpl.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveskybackup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOMPOSE.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSROUTE.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSST.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXST30.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSTIFF.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSUNATD.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSUTILITY.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gacinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\GdiPlus.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\getuname.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\glmf32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Groupinghc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hcproviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hdwwiz.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\help.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\HelpPaneProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hgprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hhctrl.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hotplug.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hotspotauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpprxm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpprxp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hwrcomp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hwrreg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ias.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iassdo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icfupgd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IconCodecService.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\icsigd.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IdListen.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IEAdvpack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iesysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iexpress.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\igdDiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ipnathlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iprtrmgr.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\irftp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\irmon.dll:$CmdTcID [64] AlternateDataStreams: 
|
01.06.2016, 20:37 | #28 |
| Win8.1: Suspected Trojan, Comodo virtualizes after opening a suspicious Amazon ZIP a nose ahead of the second part: Code:
C:\windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\procinst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\profext.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\profsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\proquota.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityServicePal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityUxHost.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psmsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pstask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\puiapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PurchaseWindowsLicense.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\PurchaseWindowsLicense.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwlauncher.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwlauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwsso.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\rasauto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rascfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmbmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RASMM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasphone.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasplap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdbui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpcfgex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpclip.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpinput.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RdpSa.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RdpSaProxy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RdpSaPs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RdpSaUacHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdrleakdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RDSAppXHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdsdwmdr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RDSPnf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rdvvmtransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ReAgentTask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\recimg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\recover.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\recovery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RecoveryDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\reg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RegCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\regedt32.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\regidle.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\regini.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Register-CimProvider.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\regsvc.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\regsvr32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rekeywiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RelPost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\remotesp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RemoveDeviceElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\repair-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\replace.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\resmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RestoreOptIn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rfxvmt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rgb9rast.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Ribbons.scr:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RMapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RmClient.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\rnr20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RoamingSecurity.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RotMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ROUTE.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RpcEpMap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RpcNs4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rpcnsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RpcPing.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rpcss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rsaenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RstrtMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rtffilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rtm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\runas.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rundll32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RunLegacyCPLElevated.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RuntimeBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\samlib.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sas.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sbeio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SCardDlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SCardSvr.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\scavengeui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sccls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ScDeviceEnum.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scesrv.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\scext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scksp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scripto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scrnsave.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scrobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdchange.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdclt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdhcinst.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\sdiageng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdiagnhost.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\sdiagprv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdiagschd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sdohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SearchFilterHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SecEdit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Sens.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SensApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SensorsClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sensrsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\serialui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\serwvdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sessionmsg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SetNetworkLocation.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\SetProxyCredential.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setspn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SettingMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SettingsHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SettingSyncHost.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\setx.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sfc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sfc_os.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shdocvw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shpafact.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shrpubw.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shutdown.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\shwebsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\signdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sigverif.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SimCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SkyDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SkyDriveShell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SkyDriveTelemetry.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SlideToShutDown.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\slpts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SmartCardSimulator.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SmartScreenSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SMBHelperClass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\smbwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SMSRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SnippingTool.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\snmpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\snmptrap.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SNTSearch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\softkbd.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\softpub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sort.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SortServer2003Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SortWindows61.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SortWindows6Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SoundRecorder.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SpaceAgent.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\SpaceControl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spfileq.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SPInf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spmpm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spoolss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spwinsat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sqlcecompact40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sqlceoledb40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sqlceqp40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sqlcese40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sqlsrv32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srrstr.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\SrTasks.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\srumapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srumsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srvsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\srwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sscoreext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ssdpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ssdpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sstpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Startupscan.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\stclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sti.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StikyNot.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sti_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StorageContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\storewuauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Storprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\streamci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SubscriptionMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\subst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2ci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2ci.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2l6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\svchost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\svsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\swprv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxshared.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxsstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxstrace.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncHostps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncInfrastructure.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncInfrastructureps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Syncreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\syncui.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\WwanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XAudio2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\xcopy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XInput1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XInput9_1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\xmlfilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\xmlprovi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XpsGdiConverter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\XpsRasterService.dll:$CmdTcID [64] |
01.06.2016, 20:38 | #29 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP The peloton is packed tight today, though; here is already number three of Team Addition: Code:
C:\windows\SysWOW64\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\format.com:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ftp.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSEXT32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSXP32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glmf32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hcproviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\help.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hh.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhctrl.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ias.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassdo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IconCodecService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IEAdvpack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iexpress.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprop.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir32_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir41_32.ax:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\ir41_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRUM.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTT102.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kernel.appcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kmddsp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2nacp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\L2SecHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codecp.acm:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\label.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\licmgr10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\loadperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LocationNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\loghours.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Magnify.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mbussdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciavi32.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\mcicda.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciseq.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mdminst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mf3216.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfAACEnc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfcsubs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfdvdec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfreadwrite.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mgmtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mibincodec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\midimap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\miguiresource.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mimofcodec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\miutils.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mlang.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mmc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmcbase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmcico.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmcndmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmcshext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mode.com:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\modemui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\more.com:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mountvol.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mprext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mprmsg.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\MRINFO.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MrmIndexer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msaatext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msacm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msacm32.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mscandui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mscat32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mscms.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\mscpxl32.dLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msctfime.ime:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msctfp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msctfui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdadiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdart.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdelta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msfeedsbs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msfeedssync.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msg711.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msgsm32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mshta.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msidcrl40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msident.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\msidle.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msiltcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msimg32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msimtf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msinfo32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msisip.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msiwer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mskeyprotcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mskeyprotect.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msls31.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msoeacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msoert2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mspaint.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mspatcha.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mspatchc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msports.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msra.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\msrdc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msscript.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssha.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msshooks.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssign32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssip32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssitlb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssphtb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcirt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcp60.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvidc32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB7.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB70011.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB7001E.dll:$CmdTcID [64] 
|
01.06.2016, 20:39 | #30 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP And trailing far behind, starting number four; how did he ever make it onto the team? Code:
C:\windows\SysWOW64\umdmxfrm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\uniplat.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\unregmp2.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ureg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\url.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\usbperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\usbui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UserAccountBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\userinitext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\ustprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Utilman.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\uudf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\UXInit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\uxtheme.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vdmdbg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vds_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\verclsid.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\verifier.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\verifier.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\version.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vidcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\virtdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vpnikeapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WcnApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wdigest.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\werdiagcontroller.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WerFault.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\werui.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\wevtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wextract.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\where.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\whhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiaacmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiashext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.System.Display.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.UI.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\windowslivelogin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winmmbase.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winrscmd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winrshost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinSATAPI.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winshfhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wisp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanpref.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\SysWOW64\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Wldap32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WlS0WndH.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmdmps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmdrmnet.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmiclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmitomi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WmpDui.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmsgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wmvdspa.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wowreg32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\write.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ws2help.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wscapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\wscinterop.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\wscisvif.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wscproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshbth.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\wshcon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wship6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshqos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WsmAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wsock32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WSSync.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XAudio2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xcopy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XInput1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XInput9_1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xmlfilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xmlprovi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\XPSSHHDR.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xpssvcs.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\xwizard.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\xwizards.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xwreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\xwtpdui.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\xwtpw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\agilevpn.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\bridge.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\bthenum.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\bthpan.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\clfs.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\disk.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\fltMgr.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\fsdepends.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\intelpep.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\lgandnetbus64.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\lgandnetmodem64.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\LMDriver.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mpsdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\Drivers\msgpioclx.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mslldp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ndiscap.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ndistapi.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\Ndu.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\netvsc63.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ntfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\pacer.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\qwavedrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\RadioShim.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rassstp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\rootmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\swenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\tbs.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\UCX01000.SYS:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\vmbus.sys:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\wfplwfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\wimmount.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\wpcfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\St\Downloads\Bamberg_U_SD_Systemakkr.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\St\Downloads\Bamberg_U_SD_Systemakkr.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\St\Downloads\Potsdam_U_Antrag_Syakk_15.07.10.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\St\Downloads\TUD_Selbstdokumentation_Gesamt_12-03-2014.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\St\Downloads\TUD_Selbstdokumentation_Gesamt_12-03-2014.pdf:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3A692BFA-6671-4D19-B2AF-78D6340075F1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{4D0C4527-C3B3-4B02-87B5-EEA122EC851E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{90CC0254-5914-4FB0-A0D1-C492A0BD2A6B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{67A63F86-82F7-4C4E-9C80-4C4630B6AF90}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A1A294ED-8B42-43B3-945F-F8DE649B2AC0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{76AC4411-6842-4786-A414-728D9FF747A8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{12B7211A-1FF3-4D48-A42F-1AF6A978B09F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BDBE0138-50AD-4811-8A97-DF9AB6A75CD2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C5BD8750-1F1E-485F-8BB4-E5D8F52784C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AEA02C1-AF4E-4045-8B2F-04F7CA18E4AB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BC37A673-2134-48BF-AD99-5DD847A3151C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1871439F-25A0-4F5F-B75A-C565B29AE7FC}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F1D1F73A-7B55-4805-8B5F-BAB46D50F969}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{902F4A0A-A567-4C46-A8FB-0CA304407F70}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CD496ED7-2119-43D6-8185-8E4E4C3FDBED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5865851F-137A-44BD-A935-0E439BACE734}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C85EF3E9-5667-4828-B306-888A03476B2A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9842E5B4-3E47-4ECC-8124-73ECF4392912}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BDD05F30-7C09-44A4-B79A-8A5B160E20C5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F620FD69-46D0-4DA6-8FDC-AC8322834033}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{04B2CB86-05C2-4179-A4EE-9BBBAD669320}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B9A8EA02-04EB-40C6-8F71-170199A5BBB3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7830A406-AB9B-42FB-8141-7328E152107C}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{3B95141D-D942-4A64-A378-75BD97EEC919}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{653295D5-856F-4D07-AD03-F331417D86B4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{41AA97FE-2BDC-4E48-91C7-F7CA83ACC31C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{C8A97B9C-879F-4A70-8E6F-99E6820C46C1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F233335E-EF61-48D8-89CF-F971D0DC2F9D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{3F9A5A66-4545-4FA6-9498-039D2CF82855}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9D59A053-FC9E-498E-8D0E-C583F18D7BF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9B1E2AF2-E405-4ECB-8C21-ED878A5739D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D08C713B-4803-4803-A54E-4AB3B0282DA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5A923E79-3647-439C-89DA-79FE1E62ED81}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C9EE809A-E5CB-42E0-9D97-024213B10C92}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{828FC439-B3DC-42B4-904A-35C0D0015C81}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{41C168F8-C4C0-43D3-9FCC-5C0697F90D51}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{09464B79-CEF3-49E9-959B-17C9EE62480F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8A4A44B0-A261-48D2-B178-5EC9CE91F86D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F58F6145-0D1D-42E9-8894-8AF7A8279711}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E87A5D1D-68F2-4530-96A4-6F997EF5BB75}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F37451BF-C7B9-4585-A262-C6B8B7E49B0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0BE8CA58-953C-4B9C-B1CC-600956C1D227}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0EA7FF69-E392-4B4A-AE43-33C73294C3BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{232C17B3-54D5-415B-AEA9-593313C5951C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{524DC082-C5CE-41A8-B06A-72E161AEC74D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B45FC7B9-BD7A-494F-8B04-4172B2584121}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCE5F76A-F713-455B-A987-05DC597D4B17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{386A5FCA-ABC5-4C46-A1C9-9B09830F7378}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1968AFA5-3552-41E5-A6BF-94185369C2DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{FA421636-0CD3-48E5-BD8B-0C39D11B4397}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F5200FCF-C87B-406A-BEA5-CB0DED434B9D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{72CD96A1-8797-4D78-AA05-26CA87EB5AA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52B130A5-7ECB-4B15-83F9-E9556E9A3CDA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C7ADE57A-DC8B-4D28-8863-F14A67DB2D5D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BB9D24DB-EEC4-4071-9865-185EB40DB669}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E07411CF-BBF3-41F3-964D-ED762A96050F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C9CEE52F-0DE7-466E-B285-A3EE2237760A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9C33C35F-8E85-4027-AAB9-8076FB685D81}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F56EB349-0C6F-4EAA-977D-8EF6512823A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7D50A434-27C6-4624-8F88-8CD593A82233}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{02F3DA28-A113-4600-9A54-36E9AE9BD17D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{25FAD7E8-11AA-4D6A-B862-6C761D229C20}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EBC25E8B-4DFB-4832-9E6A-E89BA0E5F63E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{192A51B8-48C0-46FC-8398-48C0F578A11F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6CF62567-07E0-46C5-B2C4-FB7164BFC8F8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9B838AA4-84A3-4D94-99DE-2448E59F22B2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EDABED4F-43A0-40BC-9FF6-56737700F41A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{3A9BBC9C-D959-4AF9-AEB2-FE14BB29FE79}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{763141EF-0499-4311-B941-C945793C0B39}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E6D4D32A-9530-4CAD-8AA5-C75D129AB5EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{876F829C-E95F-446C-BDAA-CD3CAF108165}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{DC7EA9FC-0F1F-4B74-BC8C-38BF691C74F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{48B2E8E0-62F7-481C-9607-A238B534E4DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{633D1633-545E-4D13-8381-31549B2B4F13}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F19093FB-1B4E-405F-B2DD-6AAFE673CC2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{319C4F79-ACE4-4833-8E2E-A2209D441514}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{860C949E-4CDB-4347-A5B1-B495C32A2956}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C6094BC1-299F-4772-887A-265D3C9F9EE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{153EE32C-FD98-46E3-B2F9-1C69A02543AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{17DFD2BD-9A0C-4FE1-89CD-85D4A79298EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C0D052A5-724F-4F1B-8324-85D13F1E3436}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{44A671A2-E026-48D6-8F55-4F9416958A69}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0EE61A60-9E79-4D01-8250-6B5A82595853}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8BF82C58-AEF4-4FA5-B9EF-834F6CDF5103}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52AE8EF7-BE19-401D-91A7-403D81F40219}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{85212B6C-9002-4BC7-839B-E74E0CB7DDA3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{284C9E16-F55D-4E1E-B293-F42691B53F63}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{510A5BD1-3D58-4BD7-9C10-E3C6F2E3DB2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9178D7A3-9A74-4751-A5FB-E848B3B4D5AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{392E2B21-AA09-4C89-A2D6-B6225514A433}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{019F548A-680B-421C-8D51-59E619F91F71}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{490F1C66-78ED-457E-AC65-6465295574A4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{129329C7-6D7E-4D63-90E5-D9CC83DCF0BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{56BAD2B3-A86D-42F5-8CD4-234577ADFDC6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{646BD37C-9B44-4FB3-A35E-2CFF624431B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{DC4077CA-2DFC-4B22-838B-83057727EED1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0496A2C5-EF8F-4BE6-9144-6941D2712791}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CCF6C2A9-7F99-421A-B07D-337F0AFEF0C5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8E73254E-4DB6-47DC-9F25-11769BE41AD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C01CDE6F-D830-41BB-9A09-BEDF57C25540}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E7280DE0-A387-416A-A820-C4611D6C70B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{71BB9AF2-6000-4F8A-A6BE-A21112DD9DC0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0FEDA432-7061-412D-B0A4-89C4D211975C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{CDA0CB86-BCA4-4FDF-AD7C-46A42FB316A4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A4C6EFAF-5E99-4047-9518-36BB626F771B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3D89DCBD-BEA7-4549-8838-608811DA80A6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA0FC011-CA62-45AF-8DE3-40F6654FE088}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{13771C19-F530-415C-91F9-AC78C98DE88A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7CC5FFBE-08C0-45B9-8F50-D9764F9BC212}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5612FD83-9E3E-4FB4-B03D-F847279B16D3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E1A6F5B3-1A23-471C-9A28-6E866FB26DE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9FE22B77-2572-4C4C-8951-BF8D9B91839F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5CDF8ABC-9490-4C6A-83DF-31BCFA6C00DF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D431BF17-EB72-46FD-B49F-07D03BBD7778}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9EC2FEEB-BA74-413C-93B1-479B85B3AF2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4416A539-1EC1-4647-AF85-51CA4A1088E8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{AA773625-FEC9-4CE6-858E-B15333D9344C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0C26A71F-6B66-4097-A888-EB66F45916CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D3B933A8-2BAE-4027-AFBC-C3DB94C3BEDC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{30E404FE-EE88-4D4B-A556-B1C3CE55BDCD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F26737A0-E21E-428B-A704-322F8B1CCAAD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A16034BB-21A1-47CD-A08B-3D7151EE6F0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9164A0B6-DA7C-4B88-BFCA-D08BD21E218E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4D1FE3AD-78EF-42B4-9787-51B3EFB864E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0C59A26D-F9B0-4684-B36A-ECA79ADBB2C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{583721D2-8C7C-403A-88DB-153927D0127E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D5C58683-88C6-473F-A73F-52BEE6CE9D04}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9E201161-FA80-4711-AC09-491BA929CFBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C06F22DD-3571-48F9-B498-B7DAC7B8917A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{823CFDEF-C32C-4D3F-83D2-0351B78419E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{87DE90D0-01D3-4DCB-A9F2-6FE83BE11F90}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0EBE3EF6-F987-4452-80F6-1A5BAD577CC1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{734CBCD5-3734-4018-8916-089D1E3E7266}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{43DD63DC-1EB4-44CD-B3B6-2318E63B983F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{4AA300BD-1702-4C57-B172-7E9308326EB4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F01BF9B5-BCAA-4E65-8E7A-852B4A2E2293}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C420A086-6E58-4FB5-98EF-FA6B0C8CA05C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6C52E5D3-F5EF-41A6-9680-463482E8E36E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1DDEC9D7-ABC4-4DB1-8292-65B7F4EE66B9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{17496A54-E062-4DDF-A32B-05CB07F961A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6B23A617-3EF3-44B3-A579-C4B7E49F9C72}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{37ED0722-E77A-44A6-8B76-34B8C97EFCA8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B8BDA52E-D2A2-4DA9-986A-8B22D9BE5C9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{927F12A4-3F3D-4E46-9992-FC835801EF0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B33AAB79-402F-4AD9-86ED-7F80D8D225F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52AB9540-A9EA-495B-94F1-B406F8BFDC33}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FE9AA2F-4647-44F5-868A-650D74FC1D50}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AB3C87A5-BFF9-46EB-A671-C68B4D5CF6C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CC39FC06-36D7-4D36-8437-169350A2DF4D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2A394011-8C91-4158-9793-4F73BCCFC8A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{432F0F37-27E3-45DA-800C-2DE555BF426D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{34A8B7A5-FCC1-4E63-8C20-6B4D68E33342}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{EAA0D7C8-A574-47A0-8893-7D419C27FA7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0B0B1F87-6C88-472B-BCB3-50A1275B277E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{141B6327-A5E8-405C-AA64-4BDB8F0E4FD8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7F78EC53-48FF-481D-839F-271B126E0E96}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5DA5AA35-FE20-4799-B36F-8E679866D5D5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B6B34CFF-4A31-4E4C-BCA6-9A8E58D64563}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{58526625-297B-48E1-BCF2-4A25DFF299B5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9079B8E1-56A0-485B-A91A-D7FD80F12EDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{34FA9ADE-B297-4CD8-BA0C-83A8C9119688}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FDA6F39-8116-4547-9B21-00C84CA6B227}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B54DFD4D-00FB-479E-BDB2-E3778EEC79FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0BF5AEEB-358B-47D1-BBBF-E214F1580BB5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B005A06F-12B9-47AA-843D-0F2C0998C07A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0372341B-4FFE-4874-BD88-F154639F30C3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6ADE2134-F906-4C81-A349-B524970C0091}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1564D67E-2EC4-4EBD-9578-7BF427BA9EB7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{817C146D-E5BA-420F-B48C-7D8A450452AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{6360E0FF-D7BB-4132-9EBA-141589EE2EEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{01D572F0-16B9-43E5-826A-E71356EC5A35}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{35CE69A4-D2F3-406B-B45D-B48EF7C0A3BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F6341F3D-7973-4ABB-9AA7-E427E5C727BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{AD99871D-EB75-49DB-983C-911898B4688A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5A9F3789-7F85-463F-83E2-6A9560DCF5C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C31AA7F-126D-48B0-9AE9-AAEEDCFB0771}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{75DA1E9B-16DC-4410-B7EC-092D4E985E37}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{23A92402-AF76-45E5-813A-EE5C17E791BD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A6E956B9-F2FF-4FA4-82AD-890BE11FE20A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{37C81BDD-C040-4CAE-9453-0E621460A0FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A3DBA858-4526-408A-8B43-0682FA2A5A7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{20232ACA-257C-4069-93DE-D75813C0D24E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0E0F7AC3-F5EC-434B-AA23-AEAA389B6DB9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{087249FD-9231-4423-A57A-6A13D3CB7B65}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CE7FB240-4024-4E25-A0EB-C4167AB29313}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{955F2EC7-A72B-47B7-B9C9-3546CC9E40D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{28D020CC-A812-4732-9422-03B4F3C277C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{49E604C6-072C-4865-A6C4-38E1EBC3192F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E46CD073-5723-4113-948F-F0498677E197}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4650E7F7-1EC5-4485-A202-3A83C0640764}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1892E1AD-D304-4F4D-9245-8C3FA8A688E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C3E5793-CC32-4168-8CF5-47D7E365C5CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CF1B0872-848C-49F1-B75B-E087B2D202B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{859DEA75-1A4B-441D-A07E-812CA2F9BD17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{CEBF598F-3AC9-43B2-8211-CC36AF624BDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F399AD4C-8079-4AB7-9BC1-E28F6142708A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3B26F8FB-4E25-4E5B-B1A8-B601517F08F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0A3F1638-715C-462A-B8C9-A57F6BD4EBF0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9AA98031-263B-4D88-81A5-FA878F5157EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8BC7419E-A571-4098-A752-B3B72227ACA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5EB2FBF6-A66C-4085-8FDE-384B8BC9394C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F7D3F623-5A2E-42C5-A1C1-9797864E5501}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0371DB23-ED59-4BBF-BC87-C7658379CC23}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0A892605-F5A6-4716-819C-99A82042D9DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{502DCB77-4D94-414C-841E-881C0137051A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{94F1647C-39C0-4E1F-BC43-34E282C85FEA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6309D76E-CC9F-4A8B-9425-DAB248744DEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D1EADD00-7098-4BD0-96FA-9B37FCAA406C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B14F0D13-570A-4164-AD0A-7F4201CAD20E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{58873BBF-77E0-402D-8089-2E52FCEF65B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1009B779-F3E1-4F85-B92C-82BBC8EB0B33}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F1D71B7D-9D78-4E8E-A452-37E252A78A4A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C8F248A-AE1F-451C-98A0-368027B1F874}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7F20A6F2-F908-45F6-AA51-33AE78B2104C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E5145EA9-DEB6-4B4F-B249-B91AF14491F7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D0743AE7-1B78-4440-934D-EE2280AB21A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F17CF4A9-6653-4012-9534-CA56495C3CB6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1844093D-DE5F-4DA9-882A-63EB441C4001}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{846CB1C7-F18B-402A-B9E3-CBBDB8571C88}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{20744EC2-B1DA-4004-B8A1-DE4998CA863A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0DF7F6DD-C21B-4205-923F-ACF279F636F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9A732564-3F9A-41BC-9993-38174E28AA31}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{70537F9F-685F-40DA-B14D-639FE6523512}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D69A4E34-4C13-463F-B9AC-72F464447186}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{44DADE86-585D-438A-955A-93BF7628C369}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{357AF817-5F14-4DC4-B4C0-BE7547815CCB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A24822CD-12AE-40DF-9313-26D7074767EB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{268752F1-9052-4702-954E-8BAD7280A95A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4C880AB4-A387-4486-8062-E6A1FED32807}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0E75E75-785B-41AF-86CD-AEECE6DF24F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B5EDD28-75ED-4045-A6CA-4F1D148DD704}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{69678128-EFD1-485F-BC58-96BFF985AB1B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{16AE488A-B512-447B-B0DD-B3ADD93A4204}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A3A8225C-98A5-401B-B7C2-9FB8BBC5337A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{9899EABD-44D4-4FDC-8B43-F6CD64A2B338}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{C9903273-33B5-4651-A660-4EE857F88BFF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{358C11D0-6680-427F-B7A8-1DEAF045D54A}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{02A55493-FC18-42B1-8AC7-7CFAF3F7FC76}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{333B6BA7-72A7-49DB-99EF-49CE92717989}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{7B18ECB1-DEFC-4AFC-A7DE-4316961B7929}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{02D61140-D3BC-4064-A99C-D25EFEEC901A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{7D18EEC4-665C-4C57-AABC-B75889331B15}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{6ACA6621-1B43-4201-ACDC-B40DA563F8A4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{40A88752-9155-444A-BE91-6FDBD7EE3807}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{774A1A3C-B222-4956-BAF5-030D739A59D4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{EA3EA2A6-EF5C-40AF-A0DC-69DDEBBA00A3}] => 
(Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe ==================== Wiederherstellungspunkte ========================= 19-05-2016 20:16:48 Windows Update 25-05-2016 19:59:36 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (06/01/2016 09:04:30 AM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 1 Error: (06/01/2016 09:04:30 AM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (05/31/2016 09:01:40 AM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 1 Error: (05/31/2016 09:01:40 AM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (05/30/2016 08:49:03 PM) (Source: ESENT) (EventID: 454) (User: ) Description: DllHost (4912) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -566 auf. Error: (05/30/2016 08:49:02 PM) (Source: ESENT) (EventID: 516) (User: ) Description: DllHost (4912) WebCacheLocal: Datenbank C:\Users\St\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Fehler bei Überprüfung von Seite 651 (0x0000028b) wegen einer Zeitstempel-Nichtübereinstimmung. Der 'before'-Zeitstempel für den Protokolleintrag lautete 0x2a7bd, der tatsächliche Zeitstempel auf der Seite war jedoch 0x287af. Der 'after'-Updatezeitstempel 0x2a811, der den Zeitstempel auf der Seite aktualisiert hätte. Wiederherstellung führt zu Fehler -566. 
Wenn dieser Zustand länger andauert, stellen Sie die Datenbank aus einer früheren Sicherung wieder her. Diesem Problem liegt vermutlich ein Hardwarefehler zugrunde, wobei in der Vergangenheit mindestens eine Leerung dieser Seite verloren gegangen ist. Wenden Sie sich an den Hardwarehersteller, um Hilfe bei der Problemdiagnose zu erhalten. Error: (05/30/2016 08:44:32 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (05/30/2016 08:44:29 AM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 2 Error: (05/30/2016 08:44:29 AM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 2 Error: (05/29/2016 11:46:00 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. 
Session ID = 1 Systemfehler: ============= Error: (06/01/2016 01:34:17 PM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (06/01/2016 01:33:47 PM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/01/2016 08:59:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/01/2016 08:58:54 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (05/30/2016 08:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/29/2016 11:40:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/29/2016 11:24:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/29/2016 10:40:26 PM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/29/2016 10:39:56 PM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/29/2016 10:27:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 CodeIntegrity: =================================== Date: 2016-06-01 21:21:50.131 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll 
because the set of per-page image hashes could not be found on the system. Date: 2016-06-01 10:30:17.554 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-01 10:20:29.219 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-01 09:09:18.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 14:11:26.216 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 10:51:34.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 10:20:52.192 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-30 20:43:46.521 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-30 20:26:33.140 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-30 20:05:40.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i3-4012Y CPU @ 1.50GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4003.27 MB
Verfügbarer physikalischer RAM: 2193 MB
Summe virtueller Speicher: 4707.27 MB
Verfügbarer virtueller Speicher: 2426.06 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:110.02 GB) (Free:11.36 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: E2B8D7DB)
Partition: GPT.

==================== Ende von Addition.txt ============================