Log analysis and evaluation: Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP
22.05.2016, 20:12 | #1 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP

Hello everyone,

after a long time it has now caught me, or rather my girlfriend. She received an e-mail from Amazon with a payment reminder, became unsure, figured the ZIP in the attachment couldn't be dangerous, opened it, but then became cautious about the .exe it contained... Too late: Comodo Internet Security Premium raised the alarm and virtualized various processes into the sandbox. By the time I found out, everything had unfortunately already been clicked away - no file names etc. available.

I ran Comodo Cleaning Essentials over it - but in x attempts it never ran to completion. On run 1 it found 2 rootkits, on the runs after that none. For reasons I can't understand, however, it never finishes but somehow hangs, even when I leave the PC on overnight. The logs unfortunately say nothing.

Hence my request for help, since I can't get any further with my means and can't be sure whether a virus/trojan is on the PC.

Following the instructions, I have now installed FRST and run it. Here is the FRST.txt:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
durchgeführt von St (Administrator) auf STEFFI (22-05-2016 20:29:44)
Gestartet von C:\Users\St\Downloads
Geladene Profile: St (Verfügbare Profile: St)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\SunlightReading.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Hover Access\HoverAccess.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-12-27] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-12-27] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2756672 2016-04-21] (Dominik Reichl)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [213536 2016-02-03] (Geek Software GmbH)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-27] (Atheros Communications)
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-12-27] (Spotify Ltd)
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\MountPoints2: {d0c1fdd8-ca5f-11e5-827f-9194abe72977} - "D:\LG_PC_Programs.exe"
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{5A9F095C-4334-4120-9975-797CDF3ECC0C}: [DhcpNameServer] 192.168.184.1
Tcpip\..\Interfaces\{BEC4EA46-F149-4E9D-B646-8CB98FC635FD}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3148902193-1453853946-4009423498-1001 -> DefaultScope {CA3D82E3-65D7-4766-A28A-DEA78C9EBAE5} URL =
SearchScopes: HKU\S-1-5-21-3148902193-1453853946-4009423498-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3148902193-1453853946-4009423498-1001 -> {CA3D82E3-65D7-4766-A28A-DEA78C9EBAE5} URL =
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)

FireFox:
========
FF ProfilePath: C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-27] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-27] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: FireGestures - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\extensions\firegestures@xuldev.org.xpi [2016-05-18]
FF Extension: Video DownloadHelper - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-11]
FF Extension: Adblock Plus - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-04] [ist nicht signiert]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-12-27] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-05-10] (Acer Incorporated)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817200 2016-05-01] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-05-01] (COMODO)
R2 DptfParticipantDisplayService; C:\Windows\system32\DptfParticipantDisplayService.exe [141944 2014-12-27] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-12-27] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-12-27] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-12-27] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2014-12-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2014-12-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-12-27] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2015-07-08] (Acer Incorporate)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2015-03-04] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2015-03-04] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2015-03-04] (pdfforge GmbH)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-12-27] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-12-27] (Acer Incorporate)
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-12-27] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2016-02-04] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-02-04] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-02-04] (LG Electronics Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-12-27] (Qualcomm Atheros Communications, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-27] (Qualcomm Atheros)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-27] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851856 2016-04-27] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45592 2016-04-27] (COMODO)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [70752 2014-12-27] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-12-27] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-12-27] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-12-27] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2014-12-27] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-12-27] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2014-12-27] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2014-12-27] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 hzgqpf; kein ImagePath
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-10-03] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [128504 2013-10-03] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-04-27] (COMODO)
S0 kebzlm; kein ImagePath
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2015-07-08] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-12-27] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2015-07-08] (Acer Incorporated)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-22] (Microsoft Corporation)
S0 sjzgxw; kein ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-08-12] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 20:29 - 2016-05-22 20:30 - 00016472 _____ C:\Users\St\Downloads\FRST.txt
2016-05-22 20:29 - 2016-05-22 20:29 - 00000000 ____D C:\FRST
2016-05-22 20:22 - 2016-05-22 20:22 - 02383360 _____ (Farbar) C:\Users\St\Downloads\FRST64.exe
2016-05-22 20:21 - 2016-05-22 20:21 - 00000017 _____ C:\Users\St\AppData\Local\resmon.resmoncfg
2016-05-18 19:47 - 2016-05-18 19:47 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\dsparse.dll
2016-05-18 19:47 - 2016-05-18 19:47 - 00024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dsparse.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 03820544 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 03273728 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 02466136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-05-18 19:46 - 2016-05-18 19:46 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00413696 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00332632 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2016-05-18 19:46 - 2016-05-18 19:46 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00160160 _____ (Microsoft Corporation) C:\windows\system32\IPHLPAPI.DLL
2016-05-18 19:46 - 2016-05-18 19:46 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-05-18 19:46 - 2016-05-18 19:46 - 00121912 _____ (Microsoft Corporation) C:\windows\SysWOW64\IPHLPAPI.DLL
2016-05-18 19:26 - 2016-05-19 20:21 - 00000000 ____D C:\Users\St\AppData\Roaming\Comodo
2016-05-15 22:37 - 2016-05-15 23:05 - 00299397 _____ C:\Users\St\Desktop\ausgefüllt Vorsorgeset.pdf
2016-05-15 21:24 - 2016-05-15 21:24 - 00297725 _____ C:\Users\St\Desktop\formulare-vorsorgeset.pdf
2016-05-15 13:54 - 2016-05-15 13:54 - 13169768 _____ C:\Users\St\Desktop\Schokolade.pdf
2016-05-12 19:43 - 2016-05-12 19:43 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00561960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-05-12 19:43 - 2016-05-12 19:43 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-12 19:43 - 2016-05-12 19:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-12 19:43 - 2016-05-12 19:43 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-12 19:43 - 2016-05-12 19:43 - 00137976 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-05-12 19:43 - 2016-05-12 19:43 - 00120384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 20349952 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 13811200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 06052864 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 02893312 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 02285568 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-05-12 19:42 - 2016-05-12 19:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-05-12 19:42 - 2016-05-12 19:42 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-05-12 19:42 - 2016-05-12 19:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-05-12 19:42 - 2016-05-12 19:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 07446368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-12 19:41 - 2016-05-12 19:41 - 01763376 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 01489088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 01307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 00738096 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 00613624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 00534016 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.dll
2016-05-12 19:41 - 2016-05-12 19:41 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.dll
2016-05-12 19:40 - 2016-05-12 19:40 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-05-12 19:40 - 2016-05-12 19:40 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-05-12 19:40 - 2016-05-12 19:40 - 00074584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys
2016-05-10 13:31 - 2016-05-10 13:31 - 00003334 _____ C:\windows\System32\Tasks\AcerCloud
2016-05-05 12:53 - 2016-05-05 22:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-25 21:19 - 2016-04-25 21:19 - 00762162 _____ C:\Users\St\Desktop\IKK Gesundheitsbonus - Bonusantrag_St_1461611562.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 20:29 - 2015-04-29 08:11 - 00027570 _____ C:\windows\system32\Drivers\fvstore.dat
2016-05-22 20:28 - 2015-02-10 23:25 - 01474832 _____ C:\windows\system32\Drivers\sfi.dat
2016-05-22 20:17 - 2016-02-15 11:42 - 02129096 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-22 20:17 - 2014-12-27 13:35 - 01032654 _____ C:\windows\system32\perfh007.dat
2016-05-22 20:17 - 2014-12-27 13:35 - 00247986 _____ C:\windows\system32\perfc007.dat
2016-05-22 20:17 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-05-20 09:46 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-20 09:34 - 2015-03-05 12:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-19 20:35 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2016-05-19 20:26 - 2015-08-20 21:43 - 00000000 ____D C:\windows\system32\appraiser
2016-05-19 20:26 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-19 20:26 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\system32\GWX
2016-05-19 20:26 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-05-19 20:25 - 2015-02-20 22:44 - 00000000 ____D C:\windows\system32\MRT
2016-05-19 20:18 - 2015-02-20 22:44 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-18 19:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-05-18 12:15 - 2014-12-27 06:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3148902193-1453853946-4009423498-1001
2016-05-18 10:31 - 2015-03-04 16:50 - 00012718 _____ C:\Users\St\Documents\SP.kdbx
2016-05-18 10:31 - 2015-02-10 23:46 - 00000000 ____D C:\Users\St\AppData\Roaming\KeePass
2016-05-17 21:27 - 2014-09-01 11:38 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-05-16 13:50 - 2015-02-10 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-16 13:50 - 2013-08-22 16:44 - 00370592 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-15 13:49 - 2015-03-05 11:51 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-15 13:48 - 2015-11-25 21:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-15 13:32 - 2015-03-05 12:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-05-14 20:26 - 2014-03-18 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 22:08 - 2014-09-01 11:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2014-09-01 11:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-10 20:21 - 2014-09-01 11:38 - 00003736 _____ C:\windows\System32\Tasks\ACC
2016-05-10 13:31 - 2015-07-20 08:21 - 00003442 _____ C:\windows\System32\Tasks\BacKGroundAgent
2016-05-10 13:31 - 2014-09-01 11:49 - 00000000 ___HD C:\OEM
2016-05-10 13:31 - 2014-09-01 11:38 - 00000000 ____D C:\Program Files (x86)\Acer
2016-05-10 13:30 - 2014-12-27 06:01 - 00000000 ____D C:\Users\St\AppData\Local\clear.fi
2016-05-03 11:28 - 2015-03-05 12:39 - 00000000 ____D C:\Users\St\Documents\[6] Weiterbildung
2016-05-03 09:28 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-03 09:28 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-05-02 10:09 - 2015-02-10 22:22 - 00000000 ____D C:\Users\St\AppData\Local\CrashDumps
2016-04-30 18:43 - 2006-12-04 01:26 - 00022016 _____ () C:\windows\system32\sugs2l6.dll
2016-04-30 18:43 - 2006-11-21 11:40 - 00089600 _____ (SS) C:\windows\system32\sugs2ci.dll
2016-04-30 18:43 - 2006-11-20 08:22 - 00151552 _____ (SS) C:\windows\system32\sugs2ci.exe
2016-04-27 23:10 - 2015-01-30 13:28 - 00851856 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys
2016-04-27 23:10 - 2015-01-30 13:28 - 00138568 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys
2016-04-27 23:10 - 2015-01-30 13:28 - 00045592 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys
2016-04-27 23:10 - 2015-01-30 13:28 - 00032224 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys
2016-04-27 23:05 - 2015-01-30 13:27 - 00051800 _____ (COMODO) C:\windows\system32\cmdcsr.dll
2016-04-27 23:04 - 2015-01-30 13:27 - 00596232 _____ (COMODO) C:\windows\system32\guard64.dll
2016-04-27 23:04 - 2015-01-30 13:27 - 00461648 _____ (COMODO) C:\windows\SysWOW64\guard32.dll
2016-04-27 23:00 - 2015-01-30 13:27 - 00365752 _____ (COMODO) C:\windows\system32\cmdvrt64.dll
2016-04-27 22:58 - 2015-01-30 13:27 - 00051896 _____ (COMODO) C:\windows\system32\cmdkbd64.dll
2016-04-27 22:55 - 2015-01-30 13:27 - 00296120 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll
2016-04-27 22:53 - 2015-01-30 13:27 - 00046776 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll
2016-04-26 22:34 - 2016-03-20 21:54 - 00000000 ____D C:\Users\St\Desktop\Micha
2016-04-26 22:28 - 2015-08-16 21:05 - 00000000 ____D C:\Users\St\AppData\Roaming\MyPhoneExplorer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-05-22 20:21 - 2016-05-22 20:21 - 0000017 _____ () C:\Users\St\AppData\Local\resmon.resmoncfg
2014-12-27 05:19 - 2014-12-27 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\St\AppData\Local\Temp\AcerDocsSetup.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-19 20:16
==================== Ende von FRST.txt ============================

Here is the Addition.txt: --> I had to attach it zipped, because it was too large with the code box / unzipped. Thanks in advance for the help! Best regards, Troj |
22.05.2016, 21:26 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP Hi and
Please do not attach logs; if necessary, split them and post them spread across several postings. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
23.05.2016, 20:47 | #3 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP Hello Cosinus,
gladly. Here is the 1st part of the Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01 durchgeführt von St (2016-05-22 20:30:43) Gestartet von C:\Users\St\Downloads Windows 8.1 (X64) (2014-12-27 04:01:10) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3148902193-1453853946-4009423498-500 - Administrator - Disabled) Gast (S-1-5-21-3148902193-1453853946-4009423498-501 - Limited - Disabled) St (S-1-5-21-3148902193-1453853946-4009423498-1001 - Administrator - Enabled) => C:\Users\St ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer Hover Access (HKLM-x32\...\{02488282-6E9D-42B0-877E-2AA34580E578}) (Version: 1.00.3001 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated) Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3006 - Acer Incorporated) Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated) COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2106 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) KeePass Password Safe 2.32 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOK) (Version: 12.0.6612.1000 - 
Microsoft Corporation) Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - 
Mozilla) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF To Excel Converter V2.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com) PDF24 Creator 7.6.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39061 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7300 - Realtek Semiconductor Corp.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {139F8F47-642D-4FD7-B260-F2BD3694D336} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2015-07-08] (Acer Incorporate) Task: {18F49891-51AC-45F8-965A-10A9405EBEB4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>) Task: {217F18D3-0AA1-44B2-9FB8-66884FEF393D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-05-10] (Acer) Task: {2AEA86DB-B495-49FC-A848-77566CA3090F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO) Task: {425394FB-DDFA-4C69-BE86-5039148C5292} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO) Task: {4CF5C90D-2F80-4C9F-BB2E-5FF9D99C4848} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-05-10] (Acer Incorporated) Task: {54232B1F-8C62-46F0-AD6C-1EC7C8828921} - System32\Tasks\Acer Hover Access Trigger => HoverAccessLauncher.exe Task: {555BE116-E575-4603-8EFD-55FF581F68E8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO) Task: {56700778-4744-4D55-94D8-C642A6867ADA} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2014-12-27] (Acer Incorporated) Task: {59924F37-A6DD-461A-B6AA-B83A2AF04817} - 
System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated) Task: {5CC1DB33-42D2-4DA0-A3B5-5FDEAD18FC41} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated) Task: {62493BBE-11A6-4EFF-B1BB-623E8DE355A2} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO) Task: {64B5F89B-0EAD-40A1-AFAC-C6393AE2C7EC} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated) Task: {69A51C98-D77B-4D1C-B7F8-F0920560FFF4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO) Task: {6FC50853-D25A-4926-9AA3-03B5B77E1A5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-15] (Adobe Systems Incorporated) Task: {71AD4C2D-9A2B-4EF2-AC49-FB154CA224B5} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2014-12-27] (Acer Incorporated) Task: {97BBCD57-80D4-4006-BB3A-B40EFE96C168} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-12-27] (Acer Incorporated) Task: {A1C3E35A-D40C-4D8F-BE2E-F58D11CF86FD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-05-10] (Acer Incorporated) Task: {AD726C7B-3AAD-4F3D-95C3-F85E7DDF05AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated) Task: {BC9BD4BB-3730-48CB-98C1-BE1D6C857839} - System32\Tasks\{ECC4F8AC-52F4-48F4-BDDF-CCE0B8E7F31C} => pcalua.exe -a "C:\Program 
Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall Task: {BCB1CC46-B0C6-4B44-9BEC-43389533A003} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate) Task: {C1F8A30D-5711-4AF6-A718-ECD894423397} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-12-20] () Task: {E55C5107-1972-4CF7-B590-D592B493A149} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO) Task: {F60F60D2-7B88-49A3-837B-4A9548E59404} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-05-10] () Task: {FB1A578B-7A7C-4B3D-AC5A-33E079E11954} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate) Task: {FF9189C7-74DC-4222-8C51-552ECD86F848} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-05-10] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-02-03 21:34 - 2016-02-03 21:34 - 00192512 _____ () C:\windows\System32\zlhp1020.dll 2006-12-04 01:26 - 2016-04-30 18:43 - 00022016 _____ () C:\windows\System32\sugs2l6.dll 2016-02-03 21:34 - 2016-02-03 21:34 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2013-04-15 18:39 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2014-04-29 03:38 - 2014-12-27 14:58 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-29 03:35 - 2014-12-27 14:58 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-29 03:42 - 2014-12-27 14:58 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2016-01-20 11:50 - 2016-05-10 20:21 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2014-12-27 05:16 - 2014-12-27 14:58 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-05-10 13:31 - 2016-05-10 13:31 - 00015064 _____ () C:\windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2016-04-20 14:57 - 2016-04-20 14:57 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2016-04-20 14:57 - 2016-04-20 14:57 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\windows\system32\colbact.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\colorcpl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\colorui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comcat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\compact.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CompMgmtLauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CompPkgSup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ComputerDefaults.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comrepl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\connect.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ConnectedAccountState.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\consent.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ConsentUX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\console.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\control.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\convert.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\correngine.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\CredentialMigrationHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CredentialUIBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\credssp.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\credwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptcatsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptdll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\crypttpmeksvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptui.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\cryptuiwizard.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cryptxml.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cscapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ctfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cttune.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\cttunesvr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10core.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10_1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d10_1core.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d11.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\d3d8thk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dabapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DAConn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dafupnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dafWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dafWfdProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DAFWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DAMM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\das.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dasHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dataclen.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\datusage.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\davclnt.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\davhlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dbnetlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dbnmpntw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dccw.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dcomcnfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DDACLSys.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ddodiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DDOIProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DDORes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ddraw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ddrawex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DefaultDeviceManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DefaultPrinterProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Defrag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\defragproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\defragsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\deskadp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\deskmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevDispItemProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceEject.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceElementSource.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevicePairingProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevicePairingWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceProperties.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\deviceregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceSetupManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DeviceSetupStatusProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\DeviceUxRes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\devobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DevPropMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfdts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DFDWiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DfpCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfscli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DfsShlEx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcmonitor.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\system32\dhcpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagtrack.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dialer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskpart.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DisplaySwitch.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dllhost.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DMRServer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnshc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dot3Conn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3mm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DsmUserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsparse.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsquery.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxpps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dxpserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxva2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Eap3Host.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapp3hst.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easconsent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.proxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efslsaext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorShell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energyprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energytask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\es.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EventAggregation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\expand.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdBth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FdDevQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fde.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdprint.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\fdProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\FDResPub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdSSDP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWNet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\feclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhautoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhengine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhevents.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhlisten.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhmanagew.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhshl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvcctl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhtask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\find.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\finger.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Firewall.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FirewallAPI.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Fondue.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\format.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsavailux.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsquirt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fthsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecerts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecpl.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\system32\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\offfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\oleacchooks.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\oleprn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\opengl32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OptionalFeatures.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\OskSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\P2P.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\P2PGraph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\p2psvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcalua.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcaui.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\PCPKsp.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\PCPTpm12.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcsvDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcwrun.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pcwutl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pdfcmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\plasrv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PlayToStatusProvider.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\system32\ploptin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pngfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnpclean.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnppolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnpts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PnPutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PNPXAssoc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PNPXAssocPrx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnrpauto.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Pnrphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pnrpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\PortableDeviceTypes.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PortableDeviceWMDRM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\print.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PrintDialogHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\printfilterpipelineprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\printfilterpipelinesvc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PrintIsolationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\printui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\prncache.dll:$CmdTcID [64] |
23.05.2016, 20:49 | #4 |
| Win8.1: Suspected Trojan, Comodo virtualizes after opening a suspicious Amazon ZIP Part 2: Code:
C:\windows\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\storewuauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Storprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\streamci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SubscriptionMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\subst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2ci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2ci.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sugs2l6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\svchost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\svsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\swprv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxshared.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxsstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sxstrace.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncHostps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SyncInfrastructure.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\SyncInfrastructureps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Syncreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sysclass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\syskey.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sysmon.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\sysntfy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SysResetErr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\systeminfo.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesComputerName.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesHardware.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesPerformance.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesProtection.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemPropertiesRemote.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\systemreset.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemSettings.Handlers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\systray.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\t2embed.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Tabbtn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TabbtnEx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tabcal.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TabletPC.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TabSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tapi3.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tapilua.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TapiMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tapiperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TapiSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TapiUnattend.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskhostex.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskkill.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tasklist.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TaskSchdPS.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tcmsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TcpipSetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tcpmib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tcpmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tcpmonui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TCPSVCS.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tdc.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tdh.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\telephon.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\termsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\TetheringIeProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TetheringMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TetheringStation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\themeservice.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\themeui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\threadpoolwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ThumbnailExtractionHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TimeBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TimeBrokerServer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TimeDateMUICallback.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\timeout.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TimeSyncTask.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tpmcompc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TpmInit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tpmvsc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tpmvscmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TRACERT.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\traffic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tree.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\trkwks.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TSChannel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TSTheme.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TtlsAuth.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\TtlsCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TtlsExt.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\tvratings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\txflog.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\txfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tzsync.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ucmhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uDWM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uexfat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ufat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UI0Detect.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uicom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uireng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ulib.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umdmxfrm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpowmi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\umrdp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unattend.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uniplat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unregmp2.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ureg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\url.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbaaplrc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserAccountBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserAccountControlSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userinitext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserLanguageProfileCallback.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\UserLanguagesCpl.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ustprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Utilman.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uudf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UXInit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uxtheme.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VaultCmd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VaultRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vbisurf.ax:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsdyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsldr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsvd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vds_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verclsid.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verifier.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verifier.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\version.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vidcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\virtdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmbuspipe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VmdCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmictimeprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32time.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WallpaperHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbemcomn.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnEapAuthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnEapPeerProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnNetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcsPlugInService.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WdfCoInstaller01007.dll:$CmdZnID [26] AlternateDataStreams: C:\windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecutil.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\wephostsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wercplsupport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werdiagcontroller.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WerFault.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wextract.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\where.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\whhelper.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiaacmgr.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiarpc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiashext.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbici.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Renewal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [130] AlternateDataStreams: 
AlternateDataStreams: C:\windows\SysWOW64\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmstyle.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drprov.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsparse.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsquery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dvdplay.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\dxva2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\es.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\esentutl.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eventcls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\expand.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdBth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FdDevQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdPnp.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fdprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdSSDP.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fdWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdWNet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\feclient.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\find.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\finger.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Fondue.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\format.com:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ftp.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSEXT32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSXP32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glmf32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hcproviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\help.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hh.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhctrl.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ias.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassdo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icacls.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IconCodecService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IEAdvpack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iexpress.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir32_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir41_32.ax:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\ir41_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irprops.cpl:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRUM.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTT102.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kernel.appcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kmddsp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2nacp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\L2SecHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codecp.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\label.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\licmgr10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\loadperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LocationNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\loghours.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\logman.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Magnify.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mbussdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mcicda.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciseq.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mciwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mdminst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\mf3216.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfAACEnc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID 
[64] |
23.05.2016, 20:51 | #5 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening suspicious Amazon ZIP Part 3: Code:
AlternateDataStreams: C:\windows\SysWOW64\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcirt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcp60.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvidc32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB7.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB70011.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB7001E.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB70404.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MSWB70804.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mswmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\msxml6.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mtstocom.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mtxdm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mtxex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mtxlegih.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NapiNSP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\napipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NAPMONTR.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NAPSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NcaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NcdProp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ncobjapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\ncpa.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nddeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndfetw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndiscapCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndishc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ndproxystub.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\negoexts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\net.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\net1.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netbios.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Netplwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netprofm.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\netprovisionsp.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\netsh.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NETSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\networkitemfactory.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\newdev.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\newdev.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NL7Data0011.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\NL7Data001E.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NL7Data0404.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NL7Data0804.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nlhtml.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nlmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nlmsprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0000.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0002.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0003.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0007.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0009.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData000a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData000c.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\NlsData000d.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData000f.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0010.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0018.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData001a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData001b.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData001d.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0020.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0021.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0022.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0024.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0026.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0027.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\NlsData002a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0039.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData003e.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0045.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0046.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0047.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0049.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData004a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData004b.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData004c.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData004e.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0414.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0416.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0816.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData081a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsData0c1a.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Nlsdl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\normaliz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\npmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nshhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nsi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\ntdsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntlanui2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcji32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcjt32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oddbse32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odexl32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odfox32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odpdx32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odtext32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\offfilt.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olecli32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleprn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olesvr32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olethk32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\opengl32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OskSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\P2P.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\P2PGraph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PCPKsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PCPTpm12.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pid.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\pngfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\print.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PrintConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\printui.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prnntfy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psr.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rascfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasdiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasmxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasphone.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\rasplap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSa.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaProxy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaPs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdrleakdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdvvmtransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\recover.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\reg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RegCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regedit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regedt32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regini.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Register-CimProvider.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regsvr32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rekeywiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\relog.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\remotesp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\replace.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\resmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RestoreOptIn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RmClient.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rnr20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ROUTE.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RpcNs4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpcnsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RpcPing.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rsaenh.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\BTHUSB.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\clfs.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\disk.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\fltMgr.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\fsdepends.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\hidbth.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\intelpep.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ks.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\lgandnetbus64.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\lgandnetmodem64.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\LMDriver.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mountmgr.sys:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Drivers\mpsdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\msgpioclx.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\mslldp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ndiscap.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ndistapi.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ndproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\Ndu.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\netbios.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\netio.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\netvsc63.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\nsiproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ntfs.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\nwifi.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\pacer.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\qwavedrv.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\RadioShim.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rasacd.sys:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rassstp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\refs.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rfcomm.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\rootmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\srv2.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\swenum.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\tbs.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\tpm.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\tunnel.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\UCX01000.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbaapl64.sys:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Drivers\usbccgp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbcir.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbd.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbehci.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbhub.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbohci.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbport.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbuhci.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\usbvideo.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\USBXHCI.SYS:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\vmbkmcl.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\vmbus.sys:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\volmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\vpci.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\wanarp.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\wfplwfs.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\wimmount.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\winhv.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\winusb.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Drivers\wpcfltr.sys:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\St\Downloads\FRST64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\St\Downloads\FRST64.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3A692BFA-6671-4D19-B2AF-78D6340075F1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{4D0C4527-C3B3-4B02-87B5-EEA122EC851E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{90CC0254-5914-4FB0-A0D1-C492A0BD2A6B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{67A63F86-82F7-4C4E-9C80-4C4630B6AF90}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A1A294ED-8B42-43B3-945F-F8DE649B2AC0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{76AC4411-6842-4786-A414-728D9FF747A8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{12B7211A-1FF3-4D48-A42F-1AF6A978B09F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BDBE0138-50AD-4811-8A97-DF9AB6A75CD2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C5BD8750-1F1E-485F-8BB4-E5D8F52784C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AEA02C1-AF4E-4045-8B2F-04F7CA18E4AB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BC37A673-2134-48BF-AD99-5DD847A3151C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1871439F-25A0-4F5F-B75A-C565B29AE7FC}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
23.05.2016, 20:53 | #6 |
| Win8.1: Suspected Trojan, Comodo virtualizes after opening a suspicious Amazon ZIP And part 4 - the last part: Code:
(x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{4650E7F7-1EC5-4485-A202-3A83C0640764}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{1892E1AD-D304-4F4D-9245-8C3FA8A688E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{1C3E5793-CC32-4168-8CF5-47D7E365C5CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{CF1B0872-848C-49F1-B75B-E087B2D202B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{859DEA75-1A4B-441D-A07E-812CA2F9BD17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{CEBF598F-3AC9-43B2-8211-CC36AF624BDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{F399AD4C-8079-4AB7-9BC1-E28F6142708A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{3B26F8FB-4E25-4E5B-B1A8-B601517F08F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{0A3F1638-715C-462A-B8C9-A57F6BD4EBF0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{9AA98031-263B-4D88-81A5-FA878F5157EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{8BC7419E-A571-4098-A752-B3B72227ACA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{5EB2FBF6-A66C-4085-8FDE-384B8BC9394C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{F7D3F623-5A2E-42C5-A1C1-9797864E5501}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{0371DB23-ED59-4BBF-BC87-C7658379CC23}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{0A892605-F5A6-4716-819C-99A82042D9DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{502DCB77-4D94-414C-841E-881C0137051A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: 
[{94F1647C-39C0-4E1F-BC43-34E282C85FEA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{6309D76E-CC9F-4A8B-9425-DAB248744DEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D1EADD00-7098-4BD0-96FA-9B37FCAA406C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{B14F0D13-570A-4164-AD0A-7F4201CAD20E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{58873BBF-77E0-402D-8089-2E52FCEF65B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{1009B779-F3E1-4F85-B92C-82BBC8EB0B33}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{F1D71B7D-9D78-4E8E-A452-37E252A78A4A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{2C8F248A-AE1F-451C-98A0-368027B1F874}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{7F20A6F2-F908-45F6-AA51-33AE78B2104C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{E5145EA9-DEB6-4B4F-B249-B91AF14491F7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D0743AE7-1B78-4440-934D-EE2280AB21A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{F17CF4A9-6653-4012-9534-CA56495C3CB6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{1844093D-DE5F-4DA9-882A-63EB441C4001}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{846CB1C7-F18B-402A-B9E3-CBBDB8571C88}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{20744EC2-B1DA-4004-B8A1-DE4998CA863A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{0DF7F6DD-C21B-4205-923F-ACF279F636F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{9A732564-3F9A-41BC-9993-38174E28AA31}] => (Allow) C:\Program Files 
(x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{70537F9F-685F-40DA-B14D-639FE6523512}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D69A4E34-4C13-463F-B9AC-72F464447186}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{44DADE86-585D-438A-955A-93BF7628C369}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{357AF817-5F14-4DC4-B4C0-BE7547815CCB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{A24822CD-12AE-40DF-9313-26D7074767EB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{268752F1-9052-4702-954E-8BAD7280A95A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{4C880AB4-A387-4486-8062-E6A1FED32807}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E0E75E75-785B-41AF-86CD-AEECE6DF24F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1B5EDD28-75ED-4045-A6CA-4F1D148DD704}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{69678128-EFD1-485F-BC58-96BFF985AB1B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{16AE488A-B512-447B-B0DD-B3ADD93A4204}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{A3A8225C-98A5-401B-B7C2-9FB8BBC5337A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [TCP Query User{9899EABD-44D4-4FDC-8B43-F6CD64A2B338}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{C9903273-33B5-4651-A660-4EE857F88BFF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [{358C11D0-6680-427F-B7A8-1DEAF045D54A}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: 
[{02A55493-FC18-42B1-8AC7-7CFAF3F7FC76}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [{333B6BA7-72A7-49DB-99EF-49CE92717989}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{7B18ECB1-DEFC-4AFC-A7DE-4316961B7929}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{02D61140-D3BC-4064-A99C-D25EFEEC901A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{7D18EEC4-665C-4C57-AABC-B75889331B15}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{6ACA6621-1B43-4201-ACDC-B40DA563F8A4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{40A88752-9155-444A-BE91-6FDBD7EE3807}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe FirewallRules: [{774A1A3C-B222-4956-BAF5-030D739A59D4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe FirewallRules: [{EA3EA2A6-EF5C-40AF-A0DC-69DDEBBA00A3}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe ==================== Wiederherstellungspunkte ========================= 10-05-2016 13:56:06 Windows Update 13-05-2016 20:11:18 Windows Update 14-05-2016 20:25:51 Windows Modules Installer 14-05-2016 20:26:06 Windows Modules Installer 19-05-2016 20:16:48 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/22/2016 08:21:23 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. 
Session ID = 2 Error: (05/22/2016 08:21:23 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 2 Error: (05/20/2016 09:51:30 AM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 1 Error: (05/20/2016 09:51:30 AM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (05/20/2016 06:36:41 AM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 1 Error: (05/20/2016 06:36:41 AM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (05/19/2016 08:11:16 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 2 Error: (05/19/2016 08:11:16 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 2 Error: (05/18/2016 07:40:27 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. 
Session ID = 1 Error: (05/18/2016 07:40:27 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Systemfehler: ============= Error: (05/20/2016 09:46:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2016 07:08:39 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/20/2016 07:08:09 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/20/2016 06:47:33 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/20/2016 06:47:03 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/20/2016 06:40:19 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/20/2016 06:39:49 AM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/20/2016 06:28:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2016 06:24:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/19/2016 08:17:47 PM) (Source: DCOM) (EventID: 10010) (User: Steffi) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} CodeIntegrity: =================================== Date: 2016-05-22 20:26:12.845 Description: Code Integrity is unable to verify the image integrity of the file 
\Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-20 09:46:31.316 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-20 06:31:42.739 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-20 06:26:52.716 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-20 06:13:22.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-19 20:20:59.175 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-19 09:18:28.257 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-19 06:34:36.606 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-18 19:35:29.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-18 19:13:14.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-4012Y CPU @ 1.50GHz Prozentuale Nutzung des RAM: 43% Installierter physikalischer RAM: 4003.27 MB Verfügbarer physikalischer RAM: 2249.64 MB Summe virtueller Speicher: 4707.27 MB Verfügbarer virtueller Speicher: 2315.27 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:110.02 GB) (Free:11.01 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: E2B8D7DB) Partition: GPT. ==================== Ende von Addition.txt ============================ |
23.05.2016, 22:10 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
24.05.2016, 19:45 | #8 |
| I installed Malwarebytes according to the instructions, updated it and ran it. On the very first run it returned the result: no malware found. The PC was not restarted by Malwarebytes. The log file is attached: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2016.05.24.05
  rootkit: v2016.05.20.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18321
St :: STEFFI [administrator]

24.05.2016 20:23:57
mbar-log-2016-05-24 (20-23-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 293912
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
24.05.2016, 19:52 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools!
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
25.05.2016, 19:25 | #10 |
| Hello Cosinus, here is the ADWCleaner log. JRT will follow right after. AdwCleaner Logfile: Code:
# AdwCleaner v5.117 - Bericht erstellt am 25/05/2016 um 19:53:37
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-25.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : St - STEFFI
# Gestartet von : C:\Users\St\Desktop\Micha\3. ADWCleaner\AdwCleaner_5.117.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner gelöscht : C:\Program Files\Booking.com

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe gelöscht : ACC

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1411 Bytes] - [25/05/2016 19:53:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [1563 Bytes] - [25/05/2016 19:50:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1557 Bytes] ##########

And here is the JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 x64
Ran by St (Administrator) on 25.05.2016 at 19:59:34,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\St\AppData\Roaming\pdfforge (Folder)
Successfully deleted: C:\windows\wininit.ini (File)

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CA3D82E3-65D7-4766-A28A-DEA78C9EBAE5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2016 at 20:03:37,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
26.05.2016, 11:09 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then show me fresh FRST logs. Tick the box for addition.txt, then click "Untersuchen" (Scan).
__________________ Please always post log files in CODE tags |
27.05.2016, 18:59 | #12 |
| Hello Cosinus, here is the FRST.txt first. FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01 durchgeführt von St (Administrator) auf STEFFI (27-05-2016 19:46:13) Gestartet von C:\Users\St\Desktop\Micha\1. FRST Geladene Profile: St (Verfügbare Profile: St) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Hover Access\HoverAccess.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\SunlightReading.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe () C:\Program Files 
(x86)\Acer\Care Center\ACCStd.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-12-27] (Realtek Semiconductor) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-12-27] (Intel Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2756672 2016-04-21] (Dominik Reichl) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [213536 2016-02-03] (Geek Software GmbH) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-27] (Atheros Communications) HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-12-27] (Spotify Ltd) HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\...\MountPoints2: {d0c1fdd8-ca5f-11e5-827f-9194abe72977} - "D:\LG_PC_Programs.exe" ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) 
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{5A9F095C-4334-4120-9975-797CDF3ECC0C}: [DhcpNameServer] 192.168.184.1 Tcpip\..\Interfaces\{BEC4EA46-F149-4E9D-B646-8CB98FC635FD}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-3148902193-1453853946-4009423498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3148902193-1453853946-4009423498-1001 -> DefaultScope {CA3D82E3-65D7-4766-A28A-DEA78C9EBAE5} URL = BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll 
[2014-12-27] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-27] (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: FireGestures - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\extensions\firegestures@xuldev.org.xpi [2016-05-18] FF Extension: Video DownloadHelper - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23] FF Extension: Adblock Plus - C:\Users\St\AppData\Roaming\Mozilla\Firefox\Profiles\qnva6imt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-04] [ist nicht signiert] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-12-27] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-05-10] (Acer Incorporated) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817200 2016-05-01] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-05-01] (COMODO) R2 DptfParticipantDisplayService; C:\Windows\system32\DptfParticipantDisplayService.exe [141944 2014-12-27] (Intel Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-12-27] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-12-27] (Intel Corporation) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-12-27] (Acer Incorporated) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-12-27] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2014-12-27] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2014-12-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-12-27] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2015-07-08] (Acer Incorporate) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2015-03-04] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2015-03-04] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 
2015-03-04] (pdfforge GmbH) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-12-27] (Acer Incorporate) R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-12-27] (Acer Incorporate) R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-12-27] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-24] (acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2016-02-04] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-02-04] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-02-04] (LG Electronics Inc.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-12-27] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-12-27] (Qualcomm Atheros) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-27] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851856 2016-04-27] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45592 2016-04-27] (COMODO) R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [70752 2014-12-27] (Intel Corporation) S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-12-27] (Intel Corporation) S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-12-27] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-12-27] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2014-12-27] (Intel Corporation) S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-12-27] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2014-12-27] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2014-12-27] (Intel Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S0 hzgqpf; kein ImagePath R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-03] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation) S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-10-03] (Intel Corporation) S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [128504 2013-10-03] (Intel Corporation) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-04-27] (COMODO) S0 kebzlm; kein ImagePath R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2015-07-08] (Acer Incorporated) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-12-27] (Intel Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys 
[14680 2015-07-08] (Acer Incorporated) R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-22] (Microsoft Corporation) S0 sjzgxw; kein ImagePath S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-08-12] (Apple, Inc.) [Datei ist nicht signiert] S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-25 20:03 - 2016-05-25 20:03 - 00001072 _____ C:\Users\St\Desktop\JRT.txt 2016-05-25 19:48 - 2016-05-25 19:53 - 00000000 ____D C:\AdwCleaner 2016-05-24 20:23 - 2016-05-24 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-05-24 20:23 - 2016-05-24 20:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-24 20:23 - 2016-05-24 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-24 20:22 - 2016-05-24 20:22 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys 2016-05-22 20:29 - 2016-05-27 19:46 - 00000000 ____D C:\FRST 2016-05-22 20:21 - 2016-05-22 20:21 - 00000017 _____ C:\Users\St\AppData\Local\resmon.resmoncfg 2016-05-18 19:47 - 2016-05-18 19:47 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\dsparse.dll 2016-05-18 19:47 - 2016-05-18 19:47 - 00024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dsparse.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03820544 _____ (Microsoft Corporation) 
C:\windows\system32\rdpcore.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 03273728 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 02466136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2016-05-18 19:46 - 2016-05-18 19:46 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\webio.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00413696 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00332632 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2016-05-18 19:46 - 2016-05-18 19:46 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00160160 _____ (Microsoft Corporation) C:\windows\system32\IPHLPAPI.DLL 2016-05-18 19:46 - 2016-05-18 19:46 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2016-05-18 19:46 - 2016-05-18 19:46 - 00121912 _____ (Microsoft Corporation) C:\windows\SysWOW64\IPHLPAPI.DLL 2016-05-18 19:26 - 2016-05-19 20:21 - 00000000 ____D C:\Users\St\AppData\Roaming\Comodo 2016-05-15 22:37 - 2016-05-15 23:05 - 00299397 _____ C:\Users\St\Desktop\ausgefüllt Vorsorgeset.pdf 2016-05-15 21:24 - 2016-05-15 21:24 - 00297725 _____ C:\Users\St\Desktop\formulare-vorsorgeset.pdf 2016-05-15 13:54 - 2016-05-15 13:54 - 13169768 _____ C:\Users\St\Desktop\Schokolade.pdf 2016-05-12 19:43 - 2016-05-12 19:43 - 01441792 _____ 
(Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00561960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-05-12 19:43 - 2016-05-12 19:43 - 00137976 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-05-12 19:43 - 2016-05-12 19:43 - 00120384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 20349952 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 13811200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 06052864 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02893312 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02596864 _____ 
(Microsoft Corporation) C:\windows\system32\wininet.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02285568 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-05-12 19:42 - 2016-05-12 19:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-05-12 19:42 - 2016-05-12 19:42 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-05-12 19:42 - 2016-05-12 19:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00379392 _____ (Microsoft Corporation) 
C:\windows\system32\iedkcs32.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-05-12 19:42 - 2016-05-12 19:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 07446368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-05-12 19:41 - 2016-05-12 19:41 - 01763376 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01489088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00738096 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00613624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00534016 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.dll 2016-05-12 19:41 - 2016-05-12 19:41 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.dll 2016-05-12 19:40 - 2016-05-12 19:40 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-05-12 19:40 - 2016-05-12 19:40 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2016-05-12 19:40 - 2016-05-12 19:40 - 00074584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys 2016-05-10 13:31 - 2016-05-10 13:31 - 00003334 _____ 
C:\windows\System32\Tasks\AcerCloud 2016-05-05 12:53 - 2016-05-16 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-27 19:45 - 2016-02-15 11:42 - 02129096 _____ C:\windows\system32\PerfStringBackup.INI 2016-05-27 19:45 - 2015-04-29 08:11 - 00027766 _____ C:\windows\system32\Drivers\fvstore.dat 2016-05-27 19:45 - 2014-12-27 13:35 - 01032654 _____ C:\windows\system32\perfh007.dat 2016-05-27 19:45 - 2014-12-27 13:35 - 00247986 _____ C:\windows\system32\perfc007.dat 2016-05-27 19:45 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf 2016-05-27 13:50 - 2015-02-10 23:25 - 01474832 _____ C:\windows\system32\Drivers\sfi.dat 2016-05-27 11:09 - 2015-07-07 21:34 - 00009910 _____ C:\Users\St\Desktop\Rechnung an Micha.xlsx 2016-05-27 10:32 - 2015-03-05 12:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-05-25 19:59 - 2016-03-20 21:54 - 00000000 ____D C:\Users\St\Desktop\Micha 2016-05-25 19:54 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-05-25 09:20 - 2014-12-27 06:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3148902193-1453853946-4009423498-1001 2016-05-24 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache 2016-05-24 20:50 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-24 20:50 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness 2016-05-23 21:29 - 2015-11-25 21:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-19 20:26 - 2015-08-20 21:43 - 00000000 ____D C:\windows\system32\appraiser 2016-05-19 20:26 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-05-19 20:26 - 2015-04-09 22:14 - 00000000 ___SD C:\windows\system32\GWX 2016-05-19 20:26 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp 2016-05-19 
20:25 - 2015-02-20 22:44 - 00000000 ____D C:\windows\system32\MRT 2016-05-19 20:18 - 2015-02-20 22:44 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-05-18 19:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI 2016-05-18 10:31 - 2015-03-04 16:50 - 00012718 _____ C:\Users\St\Documents\SP.kdbx 2016-05-18 10:31 - 2015-02-10 23:46 - 00000000 ____D C:\Users\St\AppData\Roaming\KeePass 2016-05-17 21:27 - 2014-09-01 11:38 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2016-05-16 13:50 - 2015-02-10 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-16 13:50 - 2013-08-22 16:44 - 00370592 _____ C:\windows\system32\FNTCACHE.DAT 2016-05-15 13:49 - 2015-03-05 11:51 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-15 13:32 - 2015-03-05 12:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-05-14 20:26 - 2014-03-18 11:45 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-11 22:08 - 2014-09-01 11:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-05-11 22:08 - 2014-09-01 11:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-10 13:31 - 2015-07-20 08:21 - 00003442 _____ C:\windows\System32\Tasks\BacKGroundAgent 2016-05-10 13:31 - 2014-09-01 11:49 - 00000000 ___HD C:\OEM 2016-05-10 13:31 - 2014-09-01 11:38 - 00000000 ____D C:\Program Files (x86)\Acer 2016-05-10 13:30 - 2014-12-27 06:01 - 00000000 ____D C:\Users\St\AppData\Local\clear.fi 2016-05-03 11:28 - 2015-03-05 12:39 - 00000000 ____D C:\Users\St\Documents\[6] Weiterbildung 2016-05-02 10:09 - 2015-02-10 22:22 - 00000000 ____D C:\Users\St\AppData\Local\CrashDumps 2016-04-30 18:43 - 2006-12-04 01:26 - 00022016 _____ () C:\windows\system32\sugs2l6.dll 2016-04-30 18:43 - 2006-11-21 11:40 - 00089600 _____ (SS) C:\windows\system32\sugs2ci.dll 2016-04-30 18:43 - 2006-11-20 08:22 - 
00151552 _____ (SS) C:\windows\system32\sugs2ci.exe 2016-04-27 23:10 - 2015-01-30 13:28 - 00851856 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys 2016-04-27 23:10 - 2015-01-30 13:28 - 00138568 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys 2016-04-27 23:10 - 2015-01-30 13:28 - 00045592 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys 2016-04-27 23:10 - 2015-01-30 13:28 - 00032224 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys 2016-04-27 23:05 - 2015-01-30 13:27 - 00051800 _____ (COMODO) C:\windows\system32\cmdcsr.dll 2016-04-27 23:04 - 2015-01-30 13:27 - 00596232 _____ (COMODO) C:\windows\system32\guard64.dll 2016-04-27 23:04 - 2015-01-30 13:27 - 00461648 _____ (COMODO) C:\windows\SysWOW64\guard32.dll 2016-04-27 23:00 - 2015-01-30 13:27 - 00365752 _____ (COMODO) C:\windows\system32\cmdvrt64.dll 2016-04-27 22:58 - 2015-01-30 13:27 - 00051896 _____ (COMODO) C:\windows\system32\cmdkbd64.dll 2016-04-27 22:55 - 2015-01-30 13:27 - 00296120 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll 2016-04-27 22:53 - 2015-01-30 13:27 - 00046776 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-05-22 20:21 - 2016-05-22 20:21 - 0000017 _____ () C:\Users\St\AppData\Local\resmon.resmoncfg 2014-12-27 05:19 - 2014-12-27 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\St\AppData\Local\Temp\AcerDocsSetup.exe C:\Users\St\AppData\Local\Temp\libeay32.dll C:\Users\St\AppData\Local\Temp\msvcr120.dll C:\Users\St\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-19 20:16
==================== Ende von FRST.txt ============================
27.05.2016, 19:40 | #13 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP
Here is the first part of Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von St (2016-05-27 19:47:24)
Gestartet von C:\Users\St\Desktop\Micha\1. FRST
Windows 8.1 (X64) (2014-12-27 04:01:10)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3148902193-1453853946-4009423498-500 - Administrator - Disabled)
Gast (S-1-5-21-3148902193-1453853946-4009423498-501 - Limited - Disabled)
St (S-1-5-21-3148902193-1453853946-4009423498-1001 - Administrator - Enabled) => C:\Users\St
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer Hover Access (HKLM-x32\...\{02488282-6E9D-42B0-877E-2AA34580E578}) (Version: 1.00.3001 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated) Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3006 - Acer Incorporated) Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated) COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2106 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3855 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) KeePass Password Safe 2.32 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOK) (Version: 12.0.6612.1000 - 
Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF To Excel Converter V2.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version: - hxxp://www.PDFExcelConverter.com)
PDF24 Creator 7.6.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39061 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7300 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {139F8F47-642D-4FD7-B260-F2BD3694D336} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2015-07-08] (Acer Incorporate)
Task: {18F49891-51AC-45F8-965A-10A9405EBEB4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {217F18D3-0AA1-44B2-9FB8-66884FEF393D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-05-10] (Acer)
Task: {2AEA86DB-B495-49FC-A848-77566CA3090F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {425394FB-DDFA-4C69-BE86-5039148C5292} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO)
Task: {4CF5C90D-2F80-4C9F-BB2E-5FF9D99C4848} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-05-10] (Acer Incorporated)
Task: {54232B1F-8C62-46F0-AD6C-1EC7C8828921} - System32\Tasks\Acer Hover Access Trigger => HoverAccessLauncher.exe
Task: {555BE116-E575-4603-8EFD-55FF581F68E8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {56700778-4744-4D55-94D8-C642A6867ADA} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2014-12-27] (Acer Incorporated)
Task: {59924F37-A6DD-461A-B6AA-B83A2AF04817} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {5CC1DB33-42D2-4DA0-A3B5-5FDEAD18FC41} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated)
Task: {62493BBE-11A6-4EFF-B1BB-623E8DE355A2} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {64B5F89B-0EAD-40A1-AFAC-C6393AE2C7EC} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2014-12-27] (Acer Incorporated)
Task: {69A51C98-D77B-4D1C-B7F8-F0920560FFF4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-30] (COMODO)
Task: {6FC50853-D25A-4926-9AA3-03B5B77E1A5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {71AD4C2D-9A2B-4EF2-AC49-FB154CA224B5} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2014-12-27] (Acer Incorporated)
Task: {97BBCD57-80D4-4006-BB3A-B40EFE96C168} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-12-27] (Acer Incorporated)
Task: {A1C3E35A-D40C-4D8F-BE2E-F58D11CF86FD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-05-10] (Acer Incorporated)
Task: {AD726C7B-3AAD-4F3D-95C3-F85E7DDF05AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {BC9BD4BB-3730-48CB-98C1-BE1D6C857839} - System32\Tasks\{ECC4F8AC-52F4-48F4-BDDF-CCE0B8E7F31C} => pcalua.exe -a "C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe" -c -uninstall
Task: {BCB1CC46-B0C6-4B44-9BEC-43389533A003} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate)
Task: {C1F8A30D-5711-4AF6-A718-ECD894423397} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-12-20] ()
Task: {E55C5107-1972-4CF7-B590-D592B493A149} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-05-01] (COMODO)
Task: {FB1A578B-7A7C-4B3D-AC5A-33E079E11954} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-12-27] (Acer Incorporate)
Task: {FF9189C7-74DC-4222-8C51-552ECD86F848} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-05-10] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-03 21:34 - 2016-02-03 21:34 - 00192512 _____ () C:\windows\System32\zlhp1020.dll
2006-12-04 01:26 - 2016-04-30 18:43 - 00022016 _____ () C:\windows\System32\sugs2l6.dll
2016-02-03 21:34 - 2016-02-03 21:34 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-04-29 03:38 - 2014-12-27 14:58 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 03:35 - 2014-12-27 14:58 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 03:42 - 2014-12-27 14:58 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2016-01-20 11:50 - 2016-05-10 20:21 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2013-04-15 18:39 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-12-27 05:16 - 2014-12-27 14:58 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-10 13:31 - 2016-05-10 13:31 - 00015064 _____ () C:\windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-04-18 16:13 - 2016-04-18 16:13 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-04-18 16:11 - 2016-04-18 16:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-04-20 14:57 - 2016-04-20 14:57 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft
Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: 
C:\windows\system32\DFDWiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DfpCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dfscli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DfsShlEx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcmonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dhcpsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diagtrack.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dialer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskpart.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dispci.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dispex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DisplaySwitch.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dllhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DMRServer.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnshc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Dot3Conn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3mm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DsmUserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsparse.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsquery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxgwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxpps.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\Dxpserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\dxva2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Eap3Host.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eapsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easconsent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easinvoker.proxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efslsaext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EhStorShell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energyprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\energytask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\es.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\EventAggregation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\expand.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdBth.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FdDevQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fde.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdPnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\FDResPub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdSSDP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWNet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\feclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhautoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhcleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhengine.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhevents.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhlisten.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhmanagew.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhshl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsrchph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhsvcctl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fhtask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\find.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\finger.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Firewall.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Fondue.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\format.com:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsavailux.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsquirt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\fthsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecerts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveskybackup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOMPOSE.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSROUTE.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSST.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXST30.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSTIFF.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSUNATD.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\FXSUTILITY.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gacinstall.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\GdiPlus.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\glmf32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Groupinghc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hcproviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hdwwiz.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\help.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\HelpPaneProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hgprint.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\hhctrl.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hotplug.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hotspotauth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpprxm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\httpprxp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hwrcomp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\hwrreg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ias.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iassdo.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icfupgd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IconCodecService.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IdListen.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IEAdvpack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iesysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iexpress.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ifmon.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\igdDiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ipnathlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: 
AlternateDataStreams: C:\windows\system32\profext.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\profsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\proquota.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityServicePal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ProximityUxHost.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psmsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\psr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pstask.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\PurchaseWindowsLicense.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\system32\PurchaseWindowsLicense.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwlauncher.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwlauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\pwsso.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasauto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasautou.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\rascfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmbmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\RASMM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasmxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasphone.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\rasplap.dll:$CmdTcID [64] |
27.05.2016, 19:43 | #14 |
| Win8.1: Suspected Trojan, Comodo virtualizes after opening suspicious Amazon ZIP Addition.txt Part 2: Code:
C:\windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TtlsAuth.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\TtlsCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\TtlsExt.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\tvratings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\txflog.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\txfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tzsync.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ucmhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uDWM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uexfat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ufat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UI0Detect.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uicom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uireng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\ulib.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umdmxfrm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umpowmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\umrdp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unattend.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uniplat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\unregmp2.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ureg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\url.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbaaplrc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbperf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usbui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserAccountBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\UserAccountControlSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\userinitext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserLanguageProfileCallback.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UserLanguagesCpl.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\ustprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Utilman.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uudf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\UXInit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\uxtheme.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VaultCmd.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VaultRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vbisurf.ax:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsdyn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsldr.exe:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vdsvd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vds_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verclsid.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verifier.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\verifier.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\version.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vidcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\virtdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmbuspipe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VmdCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmictimeprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32time.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WallpaperHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbemcomn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnEapAuthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnEapPeerProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcnNetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WcsPlugInService.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WdfCoInstaller01007.dll:$CmdZnID [26] AlternateDataStreams: C:\windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WebClnt.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wephostsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wercplsupport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werdiagcontroller.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WerFault.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wextract.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\where.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\whhelper.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiaacmgr.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wiaaut.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiarpc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiashext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbici.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Renewal.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.System.Display.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\windowslivelogin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winethc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wininit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winlogonext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winmmbase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinMsoIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winresume.efi:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winrscmd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winrshost.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinRtTracing.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winshfhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WinUSBCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\system32\WinUSBCoInstaller.dll:$CmdZnID [26] AlternateDataStreams: C:\windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wisp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\witnesswmiv2provider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wkscli.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wkspbroker.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WLanHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WlanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlansvcpal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\Wldap32.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\system32\wldp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wlrmdr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WlS0WndH.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmdmps.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmiclnt.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\system32\wmicmiplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmitomi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID [64] 
C:\windows\SysWOW64\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ftp.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSEXT32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\FXSXP32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glcndFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glmf32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hcproviders.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hdwwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\help.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hh.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhctrl.ocx:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ias.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassdo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IconCodecService.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IEAdvpack.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iesysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\iexpress.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir32_32.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\ir41_32.ax:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\ir41_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\irprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsicpl.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\itss.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\KBDRUM.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDTT102.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kernel.appcore.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kmddsp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l2nacp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\L2SecHC.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\l3codecp.acm:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\label.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\licmgr10.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\loadperf.dll:$CmdTcID [64] |
27.05.2016, 19:46 | #15 |
| Win8.1: Suspected trojan, Comodo virtualizes after opening a suspicious Amazon ZIP Addition.txt part 3: Code:
[64] AlternateDataStreams: C:\windows\SysWOW64\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nsi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntdsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntlanui2.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcji32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbcjt32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oddbse32.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\odexl32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odfox32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odpdx32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\odtext32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\offfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olecli32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\oleprn.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olesvr32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\olethk32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\opengl32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\OskSupport.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\SysWOW64\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\P2P.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\P2PGraph.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PCPKsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PCPTpm12.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pid.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\SysWOW64\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\pngfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\print.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PrintConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\printui.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prnntfy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\psr.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\puiapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rascfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasdiag.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasdial.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasmxs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasphone.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasplap.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rasser.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSa.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaProxy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaPs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdrleakdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rdvvmtransport.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\recover.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\reg.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RegCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regedit.exe:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\regedt32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regini.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Register-CimProvider.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\regsvr32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rekeywiz.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\remotesp.tsp:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\replace.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\resmon.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RestoreOptIn.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate.exe:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RmClient.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rnr20.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ROUTE.EXE:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\RpcNs4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpcnsh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RpcPing.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rsaenh.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RstrtMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rtffilt.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rtm.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\runas.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\rundll32.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sas.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sbeio.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SCardDlg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\schedcli.dll:$CmdTcID [64] AlternateDataStreams: 
C:\windows\SysWOW64\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scksp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scripto.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scrnsave.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scrobj.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdchange.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdiageng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdiagnhost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdiagprv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sdohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SearchFilterHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SecEdit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secinit.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\secur32.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SensApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\serialui.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\serwvdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SessEnv.dll:$CmdTcID [64] 
AlternateDataStreams: C:\windows\SysWOW64\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SettingMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\setx.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sfc.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sfc_os.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shdocvw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shlwapi.dll:$CmdTcID [130] AlternateDataStreams: C:\windows\SysWOW64\shpafact.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shrpubw.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shutdown.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\shwebsvc.dll:$CmdTcID 
[64] AlternateDataStreams: C:\windows\SysWOW64\signdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SimCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SkyDriveShell.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\slpts.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SMBHelperClass.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\snmpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\softkbd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\softpub.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sort.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SortWindows61.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spfileq.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SPInf.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spnet.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spwinsat.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID [130] AlternateDataStreams: 
C:\windows\SysWOW64\sqlcecompact40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sqlceoledb40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sqlceqp40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sqlcese40.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\srumapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\srumsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ssdpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Startupscan.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\stclient.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sti.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\StorageContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\Storprop.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\subst.exe:$CmdTcID [64] AlternateDataStreams: C:\windows\SysWOW64\sud.dll:$CmdTcID [64] 
|